What routers are hit by the Russian GRU hack?

TP-Link and MikroTik SOHO models, via CVE-2023-50224. Update firmware now— or replace.

How does DNS hijacking steal your data?

Hackers reroute queries to their servers, spoof responses for targets, snag creds via AitM even on 'encrypted' traffic if you ignore warnings.

Is the FBI's router disruption permanent?

Nope. GRU rebuilds fast— same crew hit before. Stay vigilant; check NCSC IoCs.

🌐 Nation-State Threats

FBI Crushes GRU's Router Snooping Scheme: DNS Tricks and Hacked Home Gear Exposed

Routers. Those dusty boxes in your closet? Russia's GRU just got busted turning thousands into spy cams. FBI pulled the plug— but the real hack? We're all still wide open.

theAIcatchup Apr 08, 2026 4 min read

FBI operation disrupting Russian GRU router espionage network with hacked TP-Link devices

⚡ Key Takeaways

FBI disrupted APT28's (GRU) SOHO router network spying on gov, military via DNS hijacks. 𝕏
Thousands of devices hit; data harvested despite TLS if users ignored warnings. 𝕏
Echoes prior ops— patch routers, monitor DNS to fight back. 𝕏

Published by

theAIcatchup

Threat intelligence. Zero noise.

#APT28 #DNS hijacking #Fancy Bear #Forest Blizzard #GRU espionage #SOHO Routers #SOHO router hack #SOHO router hacks

Worth sharing?

Get the best Cybersecurity stories of the week in your inbox — no noise, no spam.

Originally reported by SecurityWeek

⚡ Key Takeaways

The 60-Second TL;DR

theAIcatchup

Share this article

Worth sharing?

Related Stories

APT28's FrostArmada: How Russian Spies Hijacked 18,000 Routers for Stealthy Global Espionage

APT28's Router Trap: How Russian Hackers Are Siphoning Your Secrets Through Everyday WiFi Gear

GRU's Simple Router Trick Nabbed Microsoft Tokens from 18,000 Networks

US FBI's Daring Router Raid Crushes Russia's DNS Spy Network

Stay in the loop