Court-authorized operation targeted compromised devices used to redirect internet traffic and collect data
The Department of Justice (DOJ) and Federal Bureau of Investigation (FBI) announced a court-authorized technical operation to disable access by the Russian military intelligence GRU Unit 26165, also known as APT28, to a U.S. network of vulnerable home and small-business routers.
“GRU actors compromised routers in the US and around the world, hijacking them to conduct espionage. Given the scale of this threat, sounding the alarm wasn’t enough,“ said Assistant Director Brett Leatherman of the FBI’s Cyber Division. “The FBI conducted a court-authorized operation to harden compromised routers across the United States. We urge all router owners to take the remediation steps outlined today, because defending our networks requires all of us. The FBI will continue to use its authorities to identify and impose costs on state-sponsored actors who target the American people.”
According to court filings, the FBI sent commands to affected U.S. routers that restored legitimate DNS settings, collected limited technical evidence, and blocked continued unauthorized access without affecting normal device use or collecting user content.
“Now we’re asking everyone who has a router to secure it, update its firmware, and replace it if needed. By working together, we can guard against nefarious nation state actors trying to compromise our national security,” said Special Agent in Charge Ted Docks of the FBI’s Boston Field Office.
As the Lord Leads, Pray with Us…
- For Assistant Director Leatherman and Special Agent Docks as they oversee investigations into cybersecurity threats.
- For officials in the Justice Department as they bring cases against actors breaching U.S. networks.
- For federal agency leaders as they seek to strengthen and safeguard national cyber infrastructure.
Sources: Department of Justice, RedState
