Federal agencies have issued a stark warning to the public about Russia's state-backed hackers actively attempting to compromise home and small-business routers.

According to the Cybersecurity and Infrastructure Security Agency (CISA), Russian cyber actors including groups tracked as Energetic Bear, Dragonfly, and Static Tundra are exploiting misconfigured or vulnerable networking devices to gain persistent access. These groups use compromised routers to mask their activities and launch further attacks once access has been gained. The advisory was co-issued with partners in Australia, Denmark, New Zealand, and the UK, as authorities have discovered these efforts are global and not just targeting the United States.
Russian and Chinese state actors have been attempting to infiltrate and compromise devices for many years now, and in some instances their efforts have paid off as critical infrastructure has been compromised and data has been extracted. While agencies like the FBI have temporarily disrupted botnets by resetting DNS settings, attackers simply rebuild their networks.
According to CISA, once a device has been compromised, the hackers then use it to launch additional attacks at various industries, such as communications, defense, finance, and government bodies. The idea is that since the compromised router is being used as a means of attack, cybersecurity defenses may be reduced since the attack is coming from a trusted IP, increasing the likelihood of bypassing firewalls or other prevention techniques.

Frequently Asked Questions
TweakBot answers common questions about this news using TweakTown's own coverage from this page and related content from our archive. Tap a question to reveal the answer, or type your own below.
Which router models are specifically mentioned or implicated in the CISA advisory as being targeted by Russian state-backed groups?
How do attackers use compromised home or small-business routers to mask their activity and bypass network defenses?
What immediate configuration changes does CISA recommend to secure routers against these attacks?
How can I check my router's DNS settings for signs of compromise as described in the advisory?
Have a question not listed here? Ask below and TweakBot will answer it.
Users are urged to secure their routers immediately by changing default passwords, updating firmware, and monitoring DNS settings for any irregular activity. CISA recommends disabling SNMP, disabling Cisco Smart Install, and using encrypted passwords.






