Russian GRU spies hijacked over 18,000 American home and small business routers for global espionage, but the FBI just severed their access in a decisive court-authorized strike.
GRU’s Router Hijacking Campaign Exposed
Russian GRU Unit 74455, known as Fancy Bear or APT28, exploited known vulnerabilities in MikroTik and TP-Link routers starting several years ago. Hackers installed Moobot malware to hijack DNS settings, redirecting traffic for credential theft and spearphishing. This turned everyday small office/home office devices into espionage platforms targeting U.S. governments, militaries, and corporations. The operation spanned 120 countries, affecting regions like North Africa, Central America, and Southeast Asia. Unpatched firmware enabled silent compromises without user detection.
FBI’s Court-Authorized Counterstrike
The FBI, under Operation Dying Ember, secured court warrants last month to deploy remediation commands on U.S.-based infected routers. Agents copied malicious data, deleted malware, reset devices, and blocked GRU re-access. FBI Director Christopher Wray announced the success at the Munich Security Conference on April 7, 2026. DOJ confirmed the botnet takedown, with international partners like Lumen’s Black Lotus Labs, UK NCSC, and Microsoft providing critical intelligence. This legal-technical operation restored control to over 1,000 U.S. victims swiftly.
Scale of the Threat to American Families
The campaign compromised approximately 18,000 routers globally, including 5,000 consumer devices and 200+ organizations. Hackers bypassed two-factor authentication by stealing session tokens through traffic redirection. American homes and small businesses unknowingly hosted Russian spies intercepting sensitive data. This mirrors Fancy Bear’s past attacks like the 2016 DNC hack and 2022 Viasat destruction, but uniquely weaponized common consumer hardware. Victims remain exposed to credential theft until remediation.
Short-term, the disruption halts GRU phishing via this botnet and restores router security. Long-term, it deters similar ops but risks hacker pivots to new vulnerabilities. Economic costs hit ISPs and owners for upgrades, while eroded trust in home networks demands vigilance. Politically, it reinforces U.S. deterrence against Russia amid Ukraine tensions.
Lessons for Patriots: Secure Your Defenses
Attorney General Merrick Garland pledged continued disruptions of Russian cyber tools. FBI now issues advisories to ISPs for victim notifications and plans domain takedowns. Experts from NCSC and Black Lotus Labs stress opportunistic scanning of unpatched devices. Americans must prioritize firmware updates on MikroTik and TP-Link routers to safeguard family data and national security. This victory underscores limited government’s effective role in countering foreign aggression without overreach.
Under President Trump’s second term, federal agencies build on this momentum to protect constitutional freedoms from digital threats. Past lax policies allowed such vulnerabilities; now, proactive enforcement prevails. Stay informed, patch your routers, and support policies prioritizing American sovereignty over globalist distractions.
Sources:
US disrupts Russian hacking campaign that infiltrated home, small business routers: DOJ
Russian government hackers broke into thousands of home routers to steal passwords
Russian Hackers Hit SOHO Routers in Cyberespionage Campaign
US and allies disrupt Russian hacking operation against US and Europe, FBI chief says