FBI Router Takedown Cripples Russian GRU's 'Tremendous Access'

In a significant operation, the FBI has dismantled an espionage campaign run by Russia's GRU, tracked as APT28. Dubbed "Operation Masquerade," the takedown targeted more than 18,000 compromised TP-Link routers, which gave the Russian intelligence agency a near-invisible foothold in more than 200 organizations worldwide. According to FBI Assistant Director Brett Leatherman, the campaign's insidious nature stemmed from the way it propagated malicious DNS settings: because a router hands its DNS resolver addresses to every client on the network, changing those settings on the router reroutes the name lookups, and with them the traffic, of every device in a compromised home or office. This gave APT28 "tremendous access" to the data flowing through these routers.

Leatherman highlighted what made this attack spread so effectively: once a router's DNS settings were altered, every device that joined that network was automatically funnelled through the GRU's malicious infrastructure without any change on the device itself. That made the campaign exceptionally hard for end users to detect, since nothing on their laptops or phones was modified. The FBI's response was to issue commands to the compromised routers that reset their DNS settings, cutting off APT28's access and ending the surveillance.

What This Means For You

  • Given the demonstrated effectiveness of router-based DNS hijacking by threat actors such as APT28, security teams should prioritize regular router firmware updates and consider network segmentation to limit the blast radius of a compromised router. Resetting the DNS settings, as the FBI did, removes the hijack but does not change how the router was compromised, so owners should still update or replace affected devices. On the detection side, the cheapest check is to compare the DNS servers a router hands out over DHCP, and the resolvers actually used by clients, against the values you intended: an unexpected external resolver appearing in that list is an early warning sign.
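The DHCP-side check described above, as an added example that is not code from the article, the FBI, or TP-Link. It parses the option area of a DHCP OFFER/ACK, extracts the advertised router (option 3), subnet mask (option 1) and DNS servers (option 6), and flags any resolver that is neither the router itself, nor on an allowlist you supply, nor inside the LAN. The packets it audits are constructed inline for the demonstration; the `203.0.113.53` resolver is a documentation-range address standing in for an attacker-controlled one, and the allowlist values are assumptions. In practice you would feed it the payloads of DHCP replies captured on the LAN.

```python
"""Audit DHCP replies for rogue DNS resolvers (hypothetical example, not vendor code).

A router whose DNS configuration has been tampered with hands the attacker's
resolver to every DHCP client, so watching DHCP OFFER/ACK packets on the LAN
and comparing the advertised resolvers with the intended ones catches the
hijack without touching the router.
"""
import ipaddress

DHCP_MAGIC = b"\x63\x82\x53\x63"   # magic cookie that follows the 236-byte BOOTP header
OPT_PAD, OPT_SUBNET, OPT_ROUTER, OPT_DNS, OPT_MSGTYPE, OPT_END = 0, 1, 3, 6, 53, 255


def parse_dhcp_options(payload: bytes) -> dict:
    """Return {option_code: raw_value} from a DHCP message (BOOTP header + options)."""
    if payload[236:240] != DHCP_MAGIC:
        raise ValueError("not a DHCP message: magic cookie missing")
    opts, idx = {}, 240
    while idx < len(payload):
        code = payload[idx]
        if code == OPT_END:
            break
        if code == OPT_PAD:              # single-byte padding, no length field
            idx += 1
            continue
        length = payload[idx + 1]
        opts[code] = payload[idx + 2: idx + 2 + length]
        idx += 2 + length
    return opts


def ip_list(raw: bytes) -> list:
    """Decode a run of packed IPv4 addresses (options 3 and 6 carry one or more)."""
    return [str(ipaddress.IPv4Address(raw[i:i + 4])) for i in range(0, len(raw) - len(raw) % 4, 4)]


def audit_offer(payload: bytes, allowed_resolvers=()) -> dict:
    """Flag advertised DNS servers that are not the router, not allowlisted, or off-LAN."""
    opts = parse_dhcp_options(payload)
    routers = ip_list(opts.get(OPT_ROUTER, b""))
    dns = ip_list(opts.get(OPT_DNS, b""))
    mask = str(ipaddress.IPv4Address(opts.get(OPT_SUBNET, b"\xff\xff\xff\x00")))
    lan = ipaddress.IPv4Network((routers[0], mask), strict=False) if routers else None
    # The router itself is the normal resolver on a home/small-office network.
    allowed = {ipaddress.IPv4Address(a) for a in allowed_resolvers}
    allowed |= {ipaddress.IPv4Address(r) for r in routers}
    findings = []
    for server in dns:
        addr = ipaddress.IPv4Address(server)
        if addr in allowed:
            continue
        if lan is not None and addr not in lan:
            findings.append((server, "off-LAN resolver"))      # classic hijack signature
        else:
            findings.append((server, "unexpected LAN resolver"))
    return {"routers": routers, "dns": dns, "findings": findings}


def build_offer(router: str, mask: str, dns: list) -> bytes:
    """Construct a minimal DHCPOFFER for testing (constructed sample, not a capture)."""
    header = bytearray(236)
    header[0], header[1], header[2] = 2, 1, 6          # BOOTREPLY, Ethernet, hlen 6
    body = bytes(header) + DHCP_MAGIC
    body += bytes([OPT_MSGTYPE, 1, 2])                 # message type 2 = DHCPOFFER
    body += bytes([OPT_SUBNET, 4]) + ipaddress.IPv4Address(mask).packed
    body += bytes([OPT_ROUTER, 4]) + ipaddress.IPv4Address(router).packed
    dns_raw = b"".join(ipaddress.IPv4Address(d).packed for d in dns)
    body += bytes([OPT_DNS, len(dns_raw)]) + dns_raw
    return body + bytes([OPT_END])


if __name__ == "__main__":
    clean = build_offer("192.168.0.1", "255.255.255.0", ["192.168.0.1"])
    hijacked = build_offer("192.168.0.1", "255.255.255.0", ["203.0.113.53", "192.168.0.1"])
    for name, pkt in (("clean", clean), ("hijacked", hijacked)):
        print(name, audit_offer(pkt))
```

Run it on DHCP reply payloads captured from the LAN (for example, the UDP payload of `dst port 68` packets); a clean router produces no findings, while a router that has been made to advertise an outside resolver is reported as `off-LAN resolver`. Pair this with the reverse check on endpoints, confirming that the resolver a client actually uses matches what DHCP handed out, since a hijacked router can also answer queries itself and forward them upstream.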