
Las Vegas residents are getting an unusual safety reminder from the feds: check your Wi‑Fi router.
Federal authorities say they shut down a Russian military intelligence operation that quietly hijacked home and small‑office routers, then used them to steal login credentials and peek at sensitive military, government and critical infrastructure communications. As part of the takedown, officials say a court‑approved technical operation wiped malicious DNS settings on affected devices and mapped the network that Russian operatives were riding on.
After the disruption, the FBI’s Las Vegas field office posted a short public service alert urging locals to review and lock down their routers, a rare bit of cyber drama for everyday internet users in the valley.
What Officials Say
In an announcement from the Justice Department, officials say the FBI executed a court‑authorized operation that targeted the U.S. segment of a network of small‑office and home‑office routers allegedly compromised by a unit of Russia’s Main Intelligence Directorate, or GRU.
According to that account, agents remotely sent commands to affected routers that both collected evidence and removed DNS resolvers controlled by the GRU. The same commands forced the devices to start using legitimate DNS services from their internet providers again. The work, the Justice Department says, was led by the FBI’s Boston and Philadelphia field offices, with technical assistance from private sector partners.
How The GRU Used Routers
The National Security Agency and allied partners say GRU operators went after vulnerable TP‑Link and MikroTik router models, including exploitation tied to CVE‑2023‑50224. Once in, they allegedly altered DNS settings so that traffic quietly flowed through resolvers they controlled, allowing selective man‑in‑the‑middle interceptions rather than a noisy smash‑and‑grab.
Federal cyber guidance continues to push organizations to track and harden gear sitting at the network edge. For specific steps defenders should take, officials point to guidance from CISA.
How To Secure Your Router
Authorities are not just talking about foreign spies. They are also offering a basic home‑network tune‑up list.
They recommend replacing end‑of‑life routers that no longer receive updates, installing the latest firmware available, changing default passwords, disabling remote management if it is not needed and double‑checking the DNS resolvers listed in the router’s settings page.
According to the Justice Department and federal cybersecurity partners, anyone who performs a full factory reset on a previously compromised router will also wipe the FBI’s remediation commands. That is not a problem, they note, as owners can simply restore their preferred settings through the router’s admin interface. Vendors and internet service providers publish model‑specific instructions for that process.
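For the last item on that checklist, a computer behind the router can at least show which resolvers it was handed. The script below is an added example, not part of the FBI or CISA guidance: it reads a resolv.conf-style file and flags any resolver that is not on a list you supply. The sample addresses, the `EXPECTED` list and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of a resolv.conf as a DHCP client might write it.
SAMPLE_RESOLV_CONF = """\
search home.example
nameserver 192.168.1.1
nameserver 198.51.100.10
nameserver 203.0.113.53   ; not on the expected list
nameserver not-an-ip
"""

# Assumption: the resolvers you expect, e.g. your ISP's (placeholder value).
EXPECTED = ["198.51.100.10"]

# Ranges that can only be this host or a device on the local network.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

def parse_nameservers(text):
    """Return the IP addresses on 'nameserver' lines, skipping comments and junk."""
    servers = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0]
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            try:
                addr = parts[1].split("%", 1)[0]  # drop an IPv6 zone such as %eth0
                servers.append(ipaddress.ip_address(addr))
            except ValueError:
                continue  # malformed entry, not a usable resolver address
    return servers

def audit_resolvers(text, expected):
    """Label each resolver 'expected', 'local-forwarder' (the router or a local
    stub, whose upstream DNS must be checked on that device) or 'unexpected'."""
    allowed = {ipaddress.ip_address(a) for a in expected}
    findings = []
    for ip in parse_nameservers(text):
        if ip in allowed:
            status = "expected"
        elif any(ip in net for net in LOCAL_NETS):
            status = "local-forwarder"
        else:
            status = "unexpected"
        findings.append((str(ip), status))
    return findings

if __name__ == "__main__":
    for addr, status in audit_resolvers(SAMPLE_RESOLV_CONF, EXPECTED):
        print(f"{addr:<16} {status}")
```

A `local-forwarder` result means the computer sends its queries to the router or to a local stub, so the upstream resolvers still have to be read from the router's settings page.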
Local Reach And Reporting
Although the disruption effort ran across the country, the FBI’s Las Vegas office issued its own notice and told Nevadans to report suspected router compromises either to their local FBI office or to the FBI’s Internet Crime Complaint Center, known as IC3.
Public reporting on the takedown, often referred to as “Operation Masquerade,” says the underlying campaign hit routers in more than 23 U.S. states and thousands of devices worldwide. For additional coverage of the operation and its scope, see The Boston Globe.
Legal Note
Court documents unsealed in the Eastern District of Pennsylvania describe in detail the commands used to gather evidence and reset DNS settings on the hijacked routers. Officials say those steps were tested against specific hardware and firmware versions to avoid breaking normal internet service for owners.
Technical partners including Lumen’s Black Lotus Labs and Microsoft Threat Intelligence helped identify victims and map the malicious infrastructure that supported the campaign. For more on that collaboration and the broader espionage effort, see reporting from Cyberscoop.









