The silent cyber war hiding in your router

Nicușor Dan, president of Romania, called the ongoing cyberattack a continuous ‘hybrid war,’ urging nations to strengthen their cybersecurity measures

Published: April 9, 2026, 12:29 p.m. MDT

his Sunday, July 27, 2008, file photo shows an LED-illuminated wireless router in Philadelphia. Matt Rourke, Associated Press

Emma is a staff writer for the Deseret News where she covers the court system, social and cross-generational issues.

The FBI and CIA, alongside many Western intelligence allies, became aware of a Russian cyber breach targeting thousands of routers to obtain intelligence information. The U.S. intelligence agencies announced on Thursday that Operation Masquerade neutralized American routers compromised by Russia’s military intelligence agency, the GRU and its cyber unit, known as “Fancy Bear.”

“Since at least 2024, GRU actors have exploited known vulnerabilities to steal credentials for thousands of TP-Link routers worldwide. The actors then accessed many of these compromised routers without authorization and manipulated their settings to redirect DNS requests to GRU-controlled servers,” per a press release from the Department of Justice. “The GRU actors harvested unencrypted passwords, authentication tokens, emails, and other sensitive information from devices on the same network as the compromised TP-Link routers.”

Hijackings occurred around the globe, including in Canada, Finland, Latvia, Lithuania, Norway, Poland, Portugal, Romania and others.

Nicușor Dan, president of Romania, described the cyberattack as a continuous “hybrid war” on X, urging nations to better protect their cybersecurity.

The FBI, alongside partners including the Romanian Intelligence Service (SRI), have announced the disruption of a sustained cyberattack targeting sensitive infrastructure in several Western states.
Cyber operatives associated with the GRU (the Russian military intelligence…
— Nicușor Dan (@NicusorDanRO) April 8, 2026

The U.S. government said it ran technical operations on certain TP-Link routers, kicking out the hacker but leaving everything else untouched.

Officials shared the following protocol for owners of small office/home office routers:

Replace end-of-life and end-of-support routers.
Upgrade to the latest available firmware.
Verify the authenticity of DNS resolvers listed in router settings.
Review and implement firewall rules to prevent the unwanted exposure of remote management services.

As Bondi exit raises questions, Trump’s acting AG stresses loyalty and authority

Special Agent Ted Docks of the FBI’s Boston Field Office, which headed Operation Masquerade, said, “The FBI utilized cutting edge technology and leveraged our private sector and international partners to unmask this malicious activity and remediate routers. Now we’re asking everyone who has a router to secure it, update its firmware, and replace it if needed. By working together, we can guard against nefarious nation state actors trying to compromise our national security,” per the press release.

🚨#BREAKING: #FBI Boston, @USAO_EDPA, & @TheJusticeDept are announcing a court-authorized disruption of a DNS hijacking network controlled by a Russian Military Intelligence Unit that impacted thousands of TP-Link routers worldwide, including home and small business routers in at… pic.twitter.com/Mk0Ds0AqAW
— FBI Boston (@FBIBoston) April 7, 2026

Looking for comments?

Find comments in their new home! Click the buttons at the top or within the article to view them — or use the button below for quick access.