NSA and FBI Warn Americans of Russian Router Hacks
The National Security Agency (NSA) has joined forces with the FBI to alert Americans about a significant threat posed by Russian military intelligence hackers. According to the agencies, these cybercriminals have been exploiting vulnerable home and small office routers to steal sensitive information from users across the United States and around the globe.
The FBI explained that the hackers, identified as Russian GRU cyber actors known as APT28, Fancy Bear, and Forest Blizzard, have targeted routers worldwide. Their sophisticated operation allows them to compromise routers by changing critical internet settings, redirecting web traffic through systems they control. This enables attackers to intercept passwords, authentication tokens, emails, and browsing activity that would usually be protected.
Authorities warn that the campaign has affected victims in the U.S. and other countries, and that the group has been exploiting known router vulnerabilities, including a flaw in certain TP-Link devices. Their focus has narrowed to information tied to military, government, and critical infrastructure networks, raising concerns about national security.
Because devices like phones and laptops depend on router settings to connect to the internet, a compromised router can expose much more than just the router itself. The FBI and NSA strongly urge users to take action: change default usernames and passwords, install the latest firmware updates, disable remote management from the internet, and replace any unsupported devices no longer receiving security updates.
The agencies also advise users to heed browser and email certificate warnings, as these can signal attempts to intercept secure online traffic. Employers that permit remote work are encouraged to review how workers connect to sensitive systems, including the use of virtual private networks and more secure application settings.
For those who suspect they may have been targeted, the FBI recommends contacting a local field office or filing a complaint with the Internet Crime Complaint Center. This warning comes on the heels of a recent disruption by the Justice Department and FBI of a GRU network of compromised routers used in malicious DNS hijacking operations.
The advisory was issued with the participation of multiple U.S. and international cyber and intelligence partners, underscoring the urgency and global scope of the threat.
KPGZ News – Brian Watts contributed to this story.
