What is Operation Masquerade?

FBI-led op that remotely reset DNS on 18,000+ compromised TP-Link routers to boot out APT28 hackers.

How did FBI disrupt APT28 on routers?

Used legal commands to wipe malicious settings, block re-entry, and sinkhole traffic — no physical seizures needed.

Is my TP-Link router safe from Russian hackers?

Update firmware immediately via TP-Link site or CISA guidance; enable DoH if possible; consider replacement for end-of-life models.

🌐 Nation-State Threats

FBI's Precision Strike: Severing APT28's Grip on 18,000 Routers

Eighteen thousand TP-Link routers. That's the scale of APT28's invisible empire — until the FBI flipped the switch. Operation Masquerade didn't just disrupt; it rewrote the rules of cyber defense.

theAIcatchup Apr 09, 2026 4 min read

Digital visualization of FBI disrupting Russian hacker network on compromised routers

⚡ Key Takeaways

FBI's Operation Masquerade disrupted APT28 on 18,000 TP-Link routers by remotely resetting DNS settings. 𝕏
APT28's router hijacks provide invisible, network-wide access without endpoint malware. 𝕏
This marks an evolution in both attacker tradecraft and defender offense, from sinkholing to direct device control. 𝕏

Published by

theAIcatchup

Threat intelligence. Zero noise.

#APT28 #FBI takedown #Operation Masquerade #router compromise

Worth sharing?

Get the best Cybersecurity stories of the week in your inbox — no noise, no spam.

Originally reported by CyberScoop

⚡ Key Takeaways

The 60-Second TL;DR

theAIcatchup

Share this article

Worth sharing?

Related Stories

FrostArmada's Fall: How Cops Crushed Russia's Router Spy Network Targeting Microsoft Logins

APT28's PRISMEX: Zero-Days and Hidden Payloads Assault Ukraine's Lifelines

Fancy Bear's Router Hijack: 5,000 Devices Fueling Russia's Fake News Blitz

Russia's Router Spies Hit 18,000 Devices — Feds Finally Unplug the Mess

Stay in the loop