The FBI has disrupted the U.S. portion of a network of routers compromised by Russian military intelligence in cyber operations used to steal government, military, and critical infrastructure information, U.S. officials said on April 7.
Known as Operation Masquerade, the FBI’s court-authorized crackdown hardened the compromised routers by sending them commands to reset their settings – and prevent Russia’s Main Intelligence Directorate of the General Staff (GRU) from continuing to access them.
A unit within the GRU had compromised the routers and redirected traffic from connected devices, including phones and laptops, to GRU-controlled infrastructure, the FBI said. The GRU actors were able to harvest unencrypted passwords, authentication tokens, emails, and other sensitive information.
“The GRU compromised a vast number of household routers in the U.S. and around the world, as well as those used by small- and medium-sized businesses to access high-value intelligence targets,” Assistant Director Brett Leatherman of the FBI’s Cyber Division said in a video announcing the operation.
“Defending the homeland is at the heart of the FBI’s mission, and today that means taking the fight to adversaries who target the digital infrastructure Americans depend on,” Leatherman said.
Assistant Attorney General for National Security John A. Eisenberg said the GRU’s “predatory use of networks in American homes and businesses for its malicious cyber operations remains a serious and persistent threat.” He vowed that the Justice Department “will continue to use every tool at our disposal to detect such intrusions and expel hostile foreign actors from our Nation’s networks.”
Officials did not reveal specifics about the number of routers targeted, the nature of the compromised information, or who was targeted in the worldwide Russian operation, which they said started around 2024. They said the routers are owned by unsuspecting Americans in more than 23 states.
The court-authorized steps to remediate compromised routers can be reversed by legitimate users through factory resets with hardware reset buttons, said the Justice Department, which released a list of remediation steps that users of small office and home office routers can take to better protect themselves.
The steps include replacing End-of-Life and End-of-Support routers and upgrading to the latest available firmware.
The operation was the latest U.S. effort to combat what officials have said are growing GRU cyber campaigns, some involving Russia’s war with Ukraine.
In May 2025, for example, the National Security Agency (NSA) and foreign intelligence services released a cybersecurity advisory calling attention to a Russian state-sponsored cyber campaign targeting Western government organizations and technology companies, including those involved in providing assistance to Ukraine.