The U.S. government is alerting users to secure their home and small office routers, as Russian state-sponsored hackers are actively compromising these devices. These compromised routers are then used to obscure malicious activities targeting critical infrastructure and private sector organizations.

This warning highlights an active and widespread cyber threat targeting common networking devices, potentially exposing sensitive organizations and individuals to data breaches and other malicious activities by state-sponsored actors.
The U.S. government has issued a warning to users of home and small office routers, urging them to secure their devices against Russian state-sponsored hackers. These actors are actively compromising routers globally to use them as proxies for malicious activities targeting sensitive organizations in both public and private sectors.
The Cybersecurity and Infrastructure Security Agency (CISA) stated that Russian Federal Security Service (FSB) Center 16 cyber actors are exploiting poorly configured and vulnerable networking devices. These groups, also known by various aliases such as Berserk Bear and Dragonfly, are enrolling compromised routers into botnets. These botnets are then used to scan IP ranges and send malicious traffic from spoofed addresses, leveraging the Simple Network Management Protocol (SNMP) on vulnerable routers to run malware.
This advisory was co-issued by cybersecurity agencies from allied nations including Australia, Denmark, New Zealand, and the United Kingdom. The practice of compromising routers for malicious purposes has been ongoing for years, with both Russian and Chinese governments engaging in efforts to control these devices. Previous efforts by governments and companies to disrupt these botnets have been described as "whack-a-mole exercises" due to the operators' ability to quickly replace compromised networks.