[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"focus:inside-the-fbi-s-router-takedown-that-cut-off-apt28-s-tremendous-access-mnszfjr8":3},{"item":4},{"id":5,"title":6,"slug":7,"summary":8,"severity":9,"category":10,"cve_ids":11,"affected_products":12,"action_required":15,"article_ids":16,"ioc_summary":18,"source_urls":19,"status":21,"expires_at":22,"created_at":23,"updated_at":24,"articles":25},"9a396c2e-8639-401e-a9f4-7d0da5adeed7","Inside the FBI’s router takedown that cut off APT28’s ‘tremendous access’","inside-the-fbi-s-router-takedown-that-cut-off-apt28-s-tremendous-access-mnszfjr8","APT28 compromised over 18,000 TP-Link routers to inject malicious DNS settings, intercepting traffic from all connected devices for intelligence gathering. Small offices and home networks are affected. This gave attackers persistent, transparent access to sensitive data across entire networks without targeting individual hosts.","high","advisory",[],[13,14],"TP-Link routers","FBI Cyber Division","Inventory all TP-Link routers in your environment immediately. In each router's admin panel, verify that the configured DNS servers are legitimate, meaning resolvers you recognize and deliberately set. Reset DNS to ISP defaults or trusted public resolvers. Monitor network traffic for suspicious DNS queries, such as lookups sent to resolvers you did not configure, and for out-of-band command-and-control (C2) communication.",[17],"23d34834-ebd9-4785-85c6-506b2b060ec6",null,[20],"https:\u002F\u002Fcyberscoop.com\u002Ffbi-operation-masquerade-russian-gru-router-takedown-brett-leatherman\u002F","archived","2026-04-12T14:09:20.785+00:00","2026-04-10T14:09:28.853187+00:00","2026-04-12T15:07:38.215069+00:00",[26],{"id":17,"title":6,"url":20}]