US Government Warns of Russian State Hackers Targeting Routers
The US government has issued a warning to users of home and small office routers, urging them to secure their devices. This alert comes as Russian state-sponsored hackers are reportedly compromising these routers en masse to mask their malicious activities against sensitive public and private sector organizations. The Cybersecurity and Infrastructure Security Agency (CISA) highlighted the ongoing exploitation of vulnerable networking devices by cyber actors linked to Russia's Federal Security Service (FSB).

The US federal government is advising individuals and small businesses to secure their home and office routers due to an ongoing campaign by Russian state-sponsored hackers. These actors are reportedly mass-compromising routers to conceal their nefarious actions targeting sensitive organizations across both public and private sectors.
Cybersecurity and Infrastructure Security Agency (CISA) stated on Monday that "Russian Federal Security Service (FSB) Center 16 cyber actors continue to exploit poorly configured and vulnerable networking devices worldwide, opportunistically compromising multiple critical infrastructure sector networks." The advisory was co-issued by governments from Australia, Denmark, New Zealand, and the UK.
Russian and Chinese government entities have been involved in router compromises for several years, sometimes engaging in prolonged disputes over control of devices previously commandeered by the other. The US government has previously undertaken measures, including issuing covert commands, to disinfect compromised routers.
Major tech companies, such as Google, have also worked to disrupt extensive botnets that control these compromised devices. However, these efforts have been described as temporary, with operators often replacing disrupted botnets with new ones. Hacking groups associated with these activities are tracked under various names, including Berserk Bear, Energetic Bear, Crouching Yeti, Dragonfly, Ghost Blizzard, and Static Tundra.
According to Ars Technica, the advisory emphasizes vigilance among router users as residential proxies become a prevalent tool for obscuring cyber operations.


