- Russian hackers hijacked outdated routers to redirect internet traffic and steal login details.
- The campaign targeted small office and home office routers, including several older TP-Link models.
- Federal agents disrupted part of the operation, but they cannot update or replace your router for you.
- You can reduce your risk by updating firmware, changing default passwords and replacing unsupported routers.
Your Wi-Fi router may be the least glamorous gadget in your home. It sits on a shelf, blinks in the corner and only gets attention when Netflix freezes. However, that little box controls a lot more than you may think. Federal officials say a Russian military intelligence hacking group abused vulnerable small office and home office routers to help run an espionage operation. The group is known as APT28, Fancy Bear and Forest Blizzard. It has been linked to Russia’s GRU military intelligence agency.
The hackers changed router settings so internet requests could flow through servers they controlled. That gave them a way to watch for valuable targets, redirect traffic and steal sensitive login information. The Justice Department and FBI say they disrupted the U.S. portion of the network in April. That is good news. Still, law enforcement cannot walk into your house, update your router or change the password printed on an old sticker. That part is on you.
Credit: TP-Link
How this router attack worked
This attack focused on SOHO routers. That stands for small office and home office routers. In other words, these are the kinds of devices used by small businesses, remote workers and some homes. The hackers used weaknesses in older routers to change DNS settings.
DNS is like the address book for the internet. When you type a website name, DNS helps your device find the right online destination. If hackers control that address book, they can send certain requests through their own servers. That can let them spot valuable targets and try to steal passwords, authentication tokens, emails or browsing data.
That to me is scary because the victim may not see anything obvious. Your laptop may still connect. Your phone may still browse. Your router may still look normal. Meanwhile, the traffic can be quietly routed through a bad path.
Why old routers can become a weak spot
Routers age like any other device. The problem is that many people keep them for years after the manufacturer stops supporting them. That can leave known security holes sitting open.
Many people also never change the router’s admin username and password. That admin login is different from your Wi-Fi password. It controls the router itself. If that login still uses a default password, a hacker has a much easier path inside.
Think of it this way. You may have strong passwords on your bank account, email and phone. But if your router is outdated and poorly protected, your network still has a soft spot.
Credit: TP-Link
Which routers were targeted?
The FBI specifically referred to the TP-Link WR841N in its warning. The UK National Cyber Security Centre also listed other TP-Link models targeted by APT28. The agency says the list may not be complete.
Here are the routers named in the advisory:
- TP-Link LTE Wireless N Router MR6400
- TP-Link Wireless Dual Band Gigabit Router Archer C5
- TP-Link Wireless Dual Band Gigabit Router Archer C7
- TP-Link Wireless Dual Band Gigabit Router WDR3600
- TP-Link Wireless Dual Band Gigabit Router WDR4300
- TP-Link Wireless Dual Band Router WDR3500
- TP-Link Wireless Lite N Router WR740N
- TP-Link Wireless Lite N Router WR740N/WR741ND
- TP-Link Wireless Lite N Router WR749N
- TP-Link Wireless N 3G/4G Router MR3420
- TP-Link Wireless N Access Point WA801ND
- TP-Link Wireless N Access Point WA901ND
- TP-Link Wireless N Gigabit Router WR1043ND
- TP-Link Wireless N Gigabit Router WR1045ND
- TP-Link Wireless N Router WR840N
- TP-Link Wireless N Router WR841HP
- TP-Link Wireless N Router WR841N
- TP-Link Wireless N Router WR841N/WR841ND
- TP-Link Wireless N Router WR842N
- TP-Link Wireless N Router WR842ND
- TP-Link Wireless N Router WR845N
- TP-Link Wireless N Router WR941ND
- TP-Link Wireless N Router WR945N
If you see your model on this list, take it seriously. Many of these routers are older. Some may no longer get normal security support. We reached out to TP-Link for comments, but did not hear back before our deadline.
A Texas mom says she spent the night in jail after speaking up online about dirty water in her town. The case was later dropped, but her story raises a troubling question: could something you post online ever put you at risk?
Join Kurt this Saturday, June 13 at 10 AM ET for quick phone privacy and security fixes.
See Kurt’s 2026 picks for practical tech and everyday upgrades.
What TP-Link says about the router warnings
A spokesperson from TP-Link Systems Inc. told CyberGuy the company is aware of recent public reporting involving legacy consumer routers, including TP-Link models listed in those reports. The company said the referenced legacy router models reached End of Service and Life status several years ago.
“While these products are outside our standard maintenance lifecycle, TP-Link has developed security updates for select legacy models where technically feasible,” the spokesperson said.
The spokesperson also urged customers using legacy or end-of-service devices to upgrade to currently supported hardware that receives regular security updates.
“As immediate precautions, users should update to the latest available firmware, disable remote management, and restrict device access to trusted internal networks only,” the spokesperson said.
TP-Link added that the security of its customers is its highest priority and said detailed mitigation guidance, along with a list of identified affected legacy products, is available on its official security advisory page.
What this means to you
Most people do not think about their router until the Wi-Fi drops. But your router sits between your devices and the internet. That gives it a powerful position in your home or small business. If a hacker changes the router’s settings, every connected device can feel the impact. That includes your laptop, smartphone, tablet, smart TV and work computer.
This is especially important if you work from home. A weak router can create a risk for your personal accounts and your workplace accounts. The good news is that you do not need to be a cybersecurity expert to lower the risk. You just need to stop treating your router like a forgotten appliance.
Credit: TP-Link
How to protect your router from hackers
The good news is that a few simple router checks can reduce your risk and help keep hackers from quietly changing how your internet traffic moves.
1) Check your router model
Look at the label on your router. You can usually find the model number on the bottom or back of the device. If it matches one of the listed models, check the manufacturer’s support page for firmware updates. If the device is no longer supported, replace it. Do not keep an end-of-life router because it “still works.” A router can still provide Wi-Fi while leaving your network exposed.
2) Update your router firmware
Firmware is the software that runs your router. Updates often fix security problems. Open your router’s app or log in to its admin page. Look for a firmware update section. Turn on automatic updates if your router offers that option. If it does not, set a reminder to check for updates regularly.
3) Change the router admin password
Your router has an admin login. This is separate from your Wi-Fi network password. Change the default admin username and password. Use a long, unique password that you do not use anywhere else. A password manager such as NordPass can help you create and store a strong router password so you do not have to remember it. Also, change your Wi-Fi password if you have shared it widely or kept it for years.
4) Disable remote management
Most people do not need to manage a home router from outside the house. Remote management can give attackers another way to reach your router. Log in to your router settings and turn it off unless you truly need it. The wording may vary by brand. Look for “remote management,” “remote access” or “WAN access.”
5) Reboot your router
A reboot will not fix every router problem. However, security agencies often recommend restarting routers as part of basic home network hygiene. Unplug your router, wait about 30 seconds and plug it back in. This can help clear some temporary malicious activity. Still, it does not replace updates, stronger passwords or replacing an outdated device.
6) Watch browser certificate warnings
Do not click through browser warnings that say a site certificate is invalid or unsafe. Those warnings can appear when something is interfering with a secure connection. In this kind of attack, that warning could be a major red flag. Close the page instead. Then check the site by typing the address yourself on a trusted network.
7) Use a VPN for sensitive work
If you handle work files or sensitive accounts from home, use your company-approved VPN. A VPN such as ExpressVPN can help protect traffic when you connect to workplace systems. It can also reduce exposure when you use networks you do not fully control. Still, a VPN is not a free pass to ignore router updates. You need safer habits and safer hardware.
8) Use strong antivirus software
Strong antivirus software like Norton Antivirus Plus can help protect your devices if a bad link, a fake login page or a malicious download reaches you. It will not fix a vulnerable router, but it can add another layer of protection for your computer and phone. Look for security software that can detect malware, warn you about phishing sites and help block suspicious activity before it causes damage.
- Strong real-time protection against viruses, malware, ransomware and hacking attempts
- AI-powered scam protection to help identify suspicious emails, texts and websites
- Built-in password manager to securely store and manage logins
- 2 GB PC cloud backup to help protect important files from ransomware or hardware failure
- Smart firewall and phishing protection
- Protects 1, 3 or 5 devices
- Available for Windows, macOS, Android and iOS
- Includes real-time threat protection, smart firewall and phishing protection to guard against online attacks
9) Consider identity theft protection
If hackers steal your login details, the damage can spread beyond your Wi-Fi network. Identity theft protection, such as Aura, can help monitor for signs that your personal information is being misused. It may alert you to suspicious activity involving your credit, accounts or personal data so you can act faster.
10) Use a data removal service
A data removal service like Incogni can help reduce the amount of personal information about you that is available online. That is important because scammers often combine stolen logins with exposed details from data broker sites. Removing your information from those sites can make it harder for criminals to build a fuller profile of you or your family.
Exclusive Deal for CyberGuy Readers (60% off): Incogni offers a 30-day, money-back guarantee and applies a special CyberGuy discount to all annual plans, for as low as $6.39/month for one person (billed annually) or $13.19/month for your family (up to 5 people) on their annual plan.
I strongly recommend the family plan. Here's why: the scam that starts with a Google search of your name almost always ends with a call to you, your elderly parent or a text to your adult child. Protecting yourself without protecting the people around you is half a solution. At $2.64 per person per month, the family plan covers up to five people, and the people most likely to be the final target are often the ones who'd never think to protect themselves.
Get Incogni and remove your info
11) Replace outdated routers
If your router no longer receives security updates, replace it. That may feel annoying. I get it. Nobody gets excited about buying a router the way they might get excited about a new phone. But your router protects everything connected to it. Spending money on a supported device can be cheaper than cleaning up stolen passwords later.
Related Links:
- FCC router rule raises questions about future updates
- How to remotely reset your router: Steps for easy troubleshooting
- When one Wi-Fi router isn’t enough – Top mesh networking winners
Kurt’s key takeaways
This router warning should make every home and small business owner pause for a minute. The scariest part is how ordinary the target is. We are talking about routers that may be sitting in homes, home offices and small businesses right now. The FBI and its partners disrupted part of the Russian operation. However, that does not magically secure old routers still sitting on shelves. So check your model. Update the firmware. Change the admin password. Turn off remote management. Replace the router if it no longer gets updates. Your router may be boring. But if it gets hijacked, it can become one of the most important security problems in your home.
Would you know how old your router is right now, or is it one of those devices you have not touched since the day it was installed? Let us know in the comments below.
FOR MORE OF MY TECH TIPS & SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER HERE
Copyright 2026 CyberGuy.com. All rights reserved. CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.
🎙 Now Streaming: My New Podcast: The CyberGuy Report
Kurt’s Top Deals
Deals move fast and inventory can be limited, so don’t wait too long.
| 🔥 Editor’s pick  Summer entertaining Ninja SLUSHi Machine (26% off) Frozen drinks and slushies at home in minutes. | |
| 💰 Top deal  Outdoor essential TYPEC Solar Bug Zapper (36% off) Solar-powered bug zappers for patios and camping. |
