The FBI has released an alert regarding a collective of Russian military cybercriminals known as GRU (also referred to as APT28, Fancy Bear, and Forest Blizzard) who have been hijacking vulnerable routers, including EOL TP-Link routers, altering their DNS and DHCP configurations to facilitate the theft of private data from both individuals and businesses. In 2025, SecurityScorecard published findings related to Operation WrtHug, an extensive hacking initiative that exploited over 50,000 EOL ASUS routers in the U.S., Taiwan, and Russia for espionage against people and organizations globally.
The FBI recommended that keeping your router’s firmware up-to-date is among the most effective strategies to combat these intrusions. Additionally, avoid using the router’s factory username and password, and if your router is at EOL, consider replacing it. The Bureau also suggested turning off remote management features on your router to block access from individuals outside your home network.