FBI Router Hacking Warning 2026: Russian APT28 Turned 18,000 Home Routers Into Spy Hubs

# FBI Router Hacking Warning 2026: Russian APT28 Turned 18,000 Home Routers Into Spy Hubs

> **Quick answer:** Russian military intelligence unit APT28 (Fancy Bear) compromised approximately 18,000 home and small-office routers across 120 countries — including the U.S. — to steal Microsoft 365 passwords and authentication tokens. The FBI conducted a court-authorized operation (Operation Masquerade) to disrupt the network. If you own a TP-Link or Ubiquiti EdgeRouter, you need to perform a full factory reset, update firmware, and change your admin credentials today. A standard reboot will NOT remove the malware.

The FBI issued an urgent warning in April 2026: Russian state-sponsored hackers linked to the GRU have been using home routers in 23 U.S. states and across 120 countries as surveillance infrastructure — and your router may have been one of them. The FBI router hacking warning 2026 targets everyday Americans whose devices were silently converted into spy relay stations without their knowledge.

## What Is APT28 and What Did They Do to Home Routers?

APT28, also known as Fancy Bear and Forest Blizzard, is a hacking group operated by the Russian GRU's 85th Main Special Service Center — the same unit previously responsible for the 2016 Democratic National Committee breach and the 2022 Viasat satellite attack. This is not a group of hobbyist criminals. They answer to Russian military intelligence.

Their 2026 router campaign ran since at least 2024 and worked in a deceptively simple way. Rather than attacking hardened corporate firewalls directly, APT28 exploited home and small-office routers — devices that most people set up once and never touch again. The routers they targeted include **TP-Link** devices (exploiting a known vulnerability, CVE-2023-50224) and **Ubiquiti EdgeRouters** (often left running factory-default credentials: username "ubnt," password "ubnt").