ISI Insights

Security Advisory: FBI and NSA Issue Warning on Home Router Compromise Risk

Written by ISI | May 8, 2026 4:58:19 PM

What’s Happening

The Federal Bureau of Investigation (FBI) and National Security Agency (NSA) recently issued a public warning regarding threat actors targeting small-office and home-office (SOHO) routers.

According to the FBI and NSA, cyber actors linked to Russian military intelligence have exploited vulnerable routers worldwide to support Domain Name System (DNS) hijacking, credential theft, and adversary-in-the-middle activity. The advisory specifically references TP-Link routers compromised using CVE-2023-50224, but the broader concern applies to any outdated or poorly secured home router.

Why This Matters

Your home router sits between your devices and the internet. If compromised, an attacker may be able to redirect traffic, manipulate DNS settings, capture credentials, or present fraudulent login pages.

What To Do Now

All home users should take the following steps:

  1. Restart your home router.
  2. Update the router firmware to the latest available version.
  3. Change the router administrator password if it is default, weak, or reused.
  4. Disable remote management from the internet.
  5. Review DNS settings and make sure they point to your internet service provider (ISP) or another trusted DNS provider.
  6. Do not ignore browser or email certificate warnings.
  7. Replace the router if it is old, unsupported, or no longer receiving security updates.

For step-by-step home Wi-Fi security guidance, review CISA Project Upskill: Securing Your Home Wi-Fi. For more detailed technical guidance, review NSA Best Practices for Securing Your Home Network.

The FBI and NSA also recommend that small-office and home-office router users update firmware, change default usernames and passwords, disable internet-facing remote management interfaces, and upgrade end-of-support devices.

What to Watch For

Be alert for:

  • Browser certificate warnings when accessing email, VPN, banking, or business systems
  • Unexpected router setting changes
  • Unknown DNS server entries
  • Router admin password changes you did not make
  • Repeated or unusual login prompts
  • Suspicious redirects when visiting legitimate websites
  • Unusual behavior across multiple devices on the same home network

What to Do if You Suspect a Problem

If you are part of an organization, notify your internal IT or security team. If this is a personal home network, contact your internet service provider or router manufacturer for support.

If you believe you were targeted or compromised by the activity described in the FBI/NSA advisory, the FBI recommends reporting the activity to your local FBI field office or filing a complaint with the Internet Crime Complaint Center (IC3).

What ISI Can Do to Help

Restarting your router is a good immediate step, but it should not be the only step. The more important actions are updating firmware, changing default passwords, disabling remote management, reviewing DNS settings, paying attention to certificate warnings, and replacing unsupported devices.

Home routers are often forgotten after installation, but they are a critical part of protecting both personal and business access.

If you open a support ticket (support@dodsecurity.com) or call the helpdesk at (202) 792-3042, we can triage and respond per our incident response process.

We will contain and investigate right away, which may include endpoint or account isolation, telemetry review, identity and session checks, and other remediation actions aligned to our incident response playbooks.

Stay safe, stay secure.

-ISI Cybersecurity Team
