Follow ZDNET: Add us as a preferred source on Google.

ZDNET’s key takeaways

• The FBI and NSA are warning of new threats targeting routers.
• Attacks from Russian hackers can compromise your router.
• Update the firmware and tighten your router password.

When was the last time you updated or restarted your router? As long as your internet is working, you may set up your router and then forget about it. But based on new alerts from US federal agencies, that’s not such a good idea.

In new advisories published this week, both the FBI and NSA warned of Russian hackers targeting vulnerable routers around the world to steal sensitive information. Though the attackers are mostly interested in military and government secrets, home and small office users are also at risk. That’s because the attackers will hijack SOHO (small office, home office) routers from which they can stage their attacks.

Also: Your home Wi-Fi isn’t nearly as private as it should be – 6 free ways to lock it down

In one recent incident, the US Department of Justice and the FBI disrupted a network of compromised SOHO routers that the Russian GRU (General Staff Main Intelligence Directorate) had exploited to carry out malicious DNS hijacking operations. As Russia’s military-based spy agency, the GRU is infamous for committing acts of espionage and more violent types of attacks against foreign adversaries.

In its warnings, the FBI and NSA announced that members of the GRU cybercrime group APT28 (aka Fancy Bear and Forest Blizzard) have been stealing login credentials from compromised routers, including older, legacy TP-Link routers. In its own advisory for the CVE-2023-50224 vulnerability, TP-Link said that many of its products are affected, but that all of them have reached end-of-life status, which means they are no longer supported by the company.

Also: A $30 router with a built-in VPN? I had to try it – and haven’t had any regrets

The US government has already been weighing a ban of TP-Link routers, charging that the devices are vulnerable to security threats and are tied to China as the manufacturer’s country of origin. The company has fought back against these charges, arguing that China has no control over its products and that all the core data security functions are handled within the US.

Beyond TP-Link’s status, the FBI and NSA clearly see Russia’s GRU as a threat.

“The GRU has harvested passwords, authentication tokens, and sensitive information, including emails and web browsing information normally protected by secure socket layer (SSL) and transport layer security (TLS) encryption,” the FBI revealed. “The GRU has indiscriminately compromised a wide pool of US and global victims and then filtered down impacted users, especially targeting information related to military, government, and critical infrastructure.”

How to protect your router (and yourself)

Whether or not your router is vulnerable to these types of attacks, there are certain steps you should take to protect your device, your data, and yourself.

1. Change your router password

Every router comes with a default username and password to access its firmware. (This is different than the password you create for your Wi-Fi network.) But sticking with the default credentials is risky, so you should change them ASAP. 

Also: Traditional Wi-Fi router vs. mesh: How to decide between the 2 popular networking options

Sign in to your router’s firmware, look for the password setting, and set a new one. Follow the same advice you normally would when creating a strong password–something complex but memorable. You can also use a passphrase, which is just as secure as a good password, if not more so, and can be easier to remember.

2. Update the firmware

Router manufacturers periodically roll out new firmware in response to security holes and other bugs. In your router’s firmware, check the firmware update setting to see if any new versions are available, and then download and install them.

3. Upgrade an older router

An older, legacy router that has reached end-of-life status may no longer be supported by the manufacturer. That means you won’t receive firmware updates or security patches. To check your current router’s status, run a search for it or contact the manufacturer. If your router falls into this end-of-life category, replace it with a newer model that is supported.

4. Disable or tighten remote management

Most routers offer ways for you to manage or access them remotely from the public internet. That’s certainly convenient, but it can open up your device to hackers, especially if your password is weak or the router is otherwise vulnerable. Review the firmware settings to see if remote access is enabled. If so, consider disabling it or tightening the overall security to prevent unauthorized access.

Also: It’s time to admit your router’s built-in firewall isn’t enough – here’s what is

5. Periodically restart your router

Here’s one more piece of advice from an NSA Best Practices document. To combat any nonpersistent malware that may reside on your router, consider restarting it periodically, as often as once a week. This will remove any lingering, nonpersistent infections. If you already restart your router from time to time to deal with internet problems, then this is one more reason to do so.