NSA Urges Router Security Overhaul as Russian Cyber Threats Target Home Networks
The National Security Agency has renewed warnings about the risks facing home and small-office internet routers, after joining the FBI and international partners in a public alert about Russian military intelligence cyber actors exploiting vulnerable devices to steal sensitive information. The April 7 notice said the campaign involved compromised small-office and home-office routers used in malicious DNS hijacking operations, and identified the threat actor as the GRU-linked group known as APT28, Fancy Bear and Forest Blizzard.
According to the advisory, the attackers have been exploiting vulnerable routers worldwide since at least 2024, including TP-Link devices affected by CVE-2023-50224. Authorities said the group altered router DNS settings so connected devices, including laptops and phones, inherited malicious configurations, allowing the attackers to harvest passwords, authentication tokens, emails and browsing data that would normally be protected by encryption. The agencies said the victims were broad and global, with particular interest in military, government and critical infrastructure-related information.
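A client-side check for the inherited DNS configuration described above, as an added example that is not part of the advisory or the original article. It assumes a Linux-style resolv.conf, and the sample file, the expected router address 192.168.1.1 and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of what a DHCP client might write; 203.0.113.53 is a
# documentation-range address standing in for a resolver nobody chose.
SAMPLE_RESOLV_CONF = """\
# generated by DHCP client (constructed sample)
search lan
nameserver 192.168.1.1
nameserver 203.0.113.53
nameserver fe80::1%eth0
"""
EXPECTED = {"192.168.1.1"}  # assumption: the resolver this network should hand out

# Loopback, RFC 1918, link-local and unique-local ranges: a resolver here is a
# local forwarder (the router or a stub), not an internet host.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]

def parse_nameservers(text):
    """Return the nameserver addresses from resolv.conf-style text."""
    servers = []
    for line in text.splitlines():
        for marker in "#;":                      # strip comments
            line = line.split(marker, 1)[0]
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def classify(server, expected):
    """Label one resolver as expected, local, unexpected or invalid."""
    if server in expected:
        return "expected"
    try:
        addr = ipaddress.ip_address(server.split("%", 1)[0])  # drop zone id
    except ValueError:
        return "invalid"
    if any(addr in net for net in LOCAL_NETS):
        return "local"       # upstream is set on the router; verify it there
    return "unexpected"      # internet resolver that was never chosen

def audit(text, expected=EXPECTED):
    return {s: classify(s, expected) for s in parse_nameservers(text)}

if __name__ == "__main__":
    for server, verdict in audit(SAMPLE_RESOLV_CONF).items():
        print(f"{server:20} {verdict}")
```

A result of "expected" or "local" only shows the client is pointing at the router; the upstream DNS servers configured on the router itself still have to be checked in its admin interface.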
For households and remote workers, the advice is both immediate and practical. In the April 7 alert, the NSA and FBI urged users to change default usernames and passwords, disable remote management from the internet, update router firmware and replace unsupported devices. The NSA’s home-network security guidance also recommends frequent device reboots, saying users should schedule weekly restarts of routers, smartphones and computers at a minimum because regular reboots can help remove non-persistent malicious implants.
The warning comes amid a broader shift in how U.S. regulators are treating router security. On March 23, the Federal Communications Commission added routers produced in foreign countries to its Covered List, which means new covered router models cannot receive FCC equipment authorization unless they obtain a conditional approval from the Department of War or Department of Homeland Security. The FCC has also said the change does not affect routers already lawfully purchased or previously authorized, meaning existing devices are not suddenly banned from use.
The latest warnings reflect a growing concern that home networking gear is becoming an increasingly attractive weak point in global cyber operations. Routers are often overlooked by consumers, yet they sit at the edge of the network and can offer attackers a path to intercept traffic, redirect users and quietly collect sensitive information. Federal agencies are now making clear that router security is no longer a niche technical issue, but a frontline part of personal and national cyber defence.
