BBS:      TELESC.NET.BR
Subject:  FBI remotely resets 1000s of private routers
From:     Mike Powell
Date:     Thu, 14 May 2026 08:04:28 -0500
-----------------------------------------------------------
The FBI just remotely reset thousands of home and small office routers, and 
your TP-Link could be on the hitlist

Date:
Wed, 13 May 2026 15:05:00 +0000

Description:
The FBI obtained court authorization to reset thousands of routers remotely, 
so they could kick lurking Russian hackers out of compromised networks.

FULL STORY
Routers that have been reset should be replaced, and network settings checked 

The FBI have remotely reset thousands of home and small office routers after 
releasing a joint press release detailing how Russia has been compromising 
devices. 

Some brands of routers are known for lasting upwards of a decade, and while 
that's great for the consumer, the developers will often stop releasing 
updates to keep the router secure. This leaves them open to compromise by 
attackers, specifically Russia's Main Directorate of the General Staff (GRU), 
tracked as APT28 or Fancy Bear, which has been snooping on unsecured routers 
since at least 2024, the FBI said.

Time to replace your router

If your device is included in the list of compromised devices
(listed below), and you have found that it has been reset, the FBI and NSA 
recommend that you replace your router as soon as possible. 

The GRU could be snooping on unsecured routers to intercept sensitive 
internet traffic, including credentials and authentication tokens that can be 
used to compromise personal and work accounts. In particular, GRU has been 
targeting routers belonging to workers in the military, government, and 
critical infrastructure industries. 

The FBI, NSA, and co-sealing agencies encourage SOHO router users to change 
default usernames and passwords, disable remote management interfaces from 
the Internet, update to latest firmware versions, and upgrade end-of-support 
devices. Users should also carefully consider certificate warnings in web 
browsers and email clients, the NSA said.

Additionally, the FBI and NSA recommended that employees use a VPN when 
accessing sensitive information. Those that suspect they may have been 
compromised by the GRU should contact their local FBI field office and file a 
complaint with the Internet Crime Complaint Center (IC3).

A press release published by the US Justice Department detailed that the FBI 
had created a series of commands that, with court authorization, it could 
send to compromised routers. 

The commands were designed to collect evidence regarding the GRU actors' 
activity, reset DNS settings (i.e., remove GRU DNS resolvers and force 
routers to obtain legitimate DNS resolvers from their Internet Service 
Providers (ISP)), and to otherwise prevent the GRU actors from exploiting the 
original means of unauthorized access. 

The Justice Department added that the operation did not interfere with the 
normal functions of the router, nor did it collect any legitimate user data. 

The full list of targeted routers includes:

  TP-Link TL-WR841N
  TP-Link LTE Wireless N Router MR6400
  TP-Link Wireless Dual Band Gigabit Router Archer C5
  TP-Link Wireless Dual Band Gigabit Router Archer C7
  TP-Link Wireless Dual Band Gigabit Router WDR3600
  TP-Link Wireless Dual Band Gigabit Router WDR4300
  TP-Link Wireless Dual Band Router WDR3500
  TP-Link Wireless Lite N Router WR740N
  TP-Link Wireless Lite N Router WR740N/WR741ND
  TP-Link Wireless Lite N Router WR749N
  TP-Link Wireless N 3G/4G Router MR3420
  TP-Link Wireless N Access Point WA801ND
  TP-Link Wireless N Access Point WA901ND
  TP-Link Wireless N Gigabit Router WR1043ND
  TP-Link Wireless N Gigabit Router WR1045ND
  TP-Link Wireless N Router WR840N
  TP-Link Wireless N Router WR841HP
  TP-Link Wireless N Router WR841N
  TP-Link Wireless N Router WR841N/WR841ND
  TP-Link Wireless N Router WR842N
  TP-Link Wireless N Router WR842ND
  TP-Link Wireless N Router WR845N
  TP-Link Wireless N Router WR941ND
  TP-Link Wireless N Router WR945N

The Justice Department included a list of remediations for all routers:

  Replace End-of-Life and End-of-Support routers
  Upgrade to the latest available firmware
  Verify the authenticity of DNS resolvers listed in router settings
  Review and implement firewall rules to prevent the unwanted exposure of 
  remote management services
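
One way to start on the "verify the authenticity of DNS resolvers" item from a 
computer behind the router, as an added example that is not part of the 
original article or the agencies' guidance. The sample resolv.conf text, the 
documentation-range addresses and the EXPECTED_RESOLVERS list are constructed 
placeholders; substitute the resolver ranges your ISP publishes.

```python
import ipaddress

# Constructed sample: resolv.conf as a DHCP client behind the router wrote it.
# All public addresses are documentation ranges, not real resolvers.
SAMPLE_RESOLV_CONF = """\
nameserver 192.168.0.1
nameserver 198.51.100.53
nameserver 203.0.113.7
nameserver 2001:db8::53
nameserver not-an-ip
"""

# Assumption: placeholder ranges standing in for your ISP's published resolvers.
EXPECTED_RESOLVERS = ["198.51.100.0/24", "2001:db8::/32"]
# RFC 1918, link-local and unique-local ranges: the router answering itself.
LAN_RANGES = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
              "169.254.0.0/16", "fe80::/10", "fc00::/7"]

def parse_nameservers(text):
    """Return the address field of every 'nameserver' line."""
    fields = (line.split() for line in text.splitlines())
    return [f[1] for f in fields if len(f) >= 2 and f[0] == "nameserver"]

def _in_any(addr, cidrs):
    nets = (ipaddress.ip_network(c) for c in cidrs)
    return any(addr.version == n.version and addr in n for n in nets)

def classify(server, expected=EXPECTED_RESOLVERS):
    """Label a resolver: expected, router-forwarder, unexpected or invalid."""
    try:
        addr = ipaddress.ip_address(server.split("%", 1)[0])  # drop zone id
    except ValueError:
        return "invalid"
    if _in_any(addr, expected):
        return "expected"
    # The router is forwarding queries itself, so this client cannot see the
    # upstream resolver; check the WAN/DHCP DNS fields in the router's settings.
    if _in_any(addr, LAN_RANGES):
        return "router-forwarder"
    return "unexpected"  # public resolver outside the expected ranges

def audit(text, expected=EXPECTED_RESOLVERS):
    return {s: classify(s, expected) for s in parse_nameservers(text)}

if __name__ == "__main__":
    for server, verdict in audit(SAMPLE_RESOLV_CONF).items():
        print(f"{server:<16} {verdict}")
```

A "router-forwarder" result is not a pass: it only means the resolver list 
has to be read from the router's own settings page.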

"Operation Masquerade, led by FBI Boston, is the
latest example of how we're defending our homeland from Russia's GRU which 
weaponized routers owned by unsuspecting Americans in more than 23 states to 
steal sensitive government, military, and critical infrastructure 
information," said Special Agent in Charge Ted E. Docks of the FBI's Boston
Field Office.

"The FBI utilized cutting edge technology and leveraged our private sector and
international partners to unmask this malicious activity and remediate 
routers. Now we're asking everyone who has a router to secure it, update its 
firmware, and replace it if needed. By working together, we can guard against 
nefarious nation state actors trying to compromise our national security."

Link to news story:
https://www.techradar.com/pro/security/the-fbi-just-remotely-reset-thousands-of-home-and-small-office-routers-and-your-tp-link-could-be-on-the-hitlist

--- MultiMail/DOS
 * Origin: Capitol City Hub (1:2320/105)
