Russian military intelligence has been inside your home network for months. And your ISP did not tell you.

In April 2026, Krebs on Security confirmed that APT28 -- also known as Forest Blizzard, the GRU unit responsible for the DNC hack and NotPetya -- had compromised 18,000+ consumer and small business routers using DNS hijacking.

The Attack Chain

Step 1 -- Reconnaissance: APT28 scanned for routers with known vulnerabilities:
- MikroTik routers running RouterOS before 7.12.1 (CVE-2023-30799)
- TP-Link Archer AX21 running firmware before 20231214 (CVE-2023-1389)

Step 2 -- DNS Hijacking: Once inside, attackers changed DNS settings to attacker-controlled resolvers. The proxy intercepted OAuth authentication sequences and harvested tokens.

Step 3 -- Token Theft: OAuth tokens are digital keys to your online identity. Once stolen, attackers can access email, cloud storage, and impersonate you to third-party services.

How to Check

Check your DNS settings: Open a terminal and run:

The Server line should show your router IP or chosen DNS provider. Unknown IPs, especially outside your country, indicate compromise.

Check router firmware:
- TP-Link: admin panel > System Tools > Firmware Upgrade. Must be 20231214+
- MikroTik: Winbox > System > Packages. RouterOS must be 7.12.1+

Use our DNS Inspector to verify resolution is clean.

What to Do If Compromised

- Disconnect from the internet immediately
- Factory reset the router
- Update firmware from the official website before reconnecting
- Change admin credentials to strong unique passwords
- Rotate all OAuth tokens and passwords
- Switch to encrypted DNS (DoH/DoT): Cloudflare 1.1.1.1, Quad9, or Mullvad DNS
- Replace unsupported routers

The IoT Security Crisis

Consumer routers average 4+ years past their last security update. Manufacturers stop supporting models after 2-3 years. ISPs refuse to push firmware to customer-owned equipment. The result: Russian military hackers operate consumer router botnets for months.

Your router is the front door to your digital life. Right now, it is hanging half-open. Use our DNS Inspector to verify your DNS is clean. Test for VPN leaks with our VPN Leak Test.
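
The resolver check described under How to Check, as an added example that is not part of the original article: it reads `resolv.conf` or `nslookup` output and labels each configured resolver. The allowlist, the function names and the sample text are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumption: public resolvers you configured on purpose; edit for your setup.
TRUSTED_PUBLIC = {"1.1.1.1", "1.0.0.1", "9.9.9.9", "149.112.112.112"}
# Address space a home router normally hands out (RFC 1918, IPv6 ULA/link-local).
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7", "fe80::/10")]

RESOLV_CONF = re.compile(r"^\s*nameserver\s+(\S+)", re.M)
# nslookup prints the resolver as "Server:" followed by its "Address:" line;
# later "Address:" lines belong to the answer and are ignored.
NSLOOKUP = re.compile(r"^Server:.*\n\s*Address:\s*(\S+)", re.M)


def extract_resolvers(text):
    """Return the resolver addresses named in resolv.conf or nslookup text."""
    found = []
    for token in RESOLV_CONF.findall(text) + NSLOOKUP.findall(text):
        token = token.split("#")[0].split("%")[0]  # drop "#53" port / "%eth0" zone
        try:
            found.append(ipaddress.ip_address(token))
        except ValueError:
            continue  # not an IP literal
    return found


def classify(ip):
    if ip.is_loopback:
        return "local-stub"      # e.g. systemd-resolved; check its upstream too
    if any(ip in net for net in LAN_NETS):
        return "lan"             # router or other LAN resolver
    if str(ip) in TRUSTED_PUBLIC:
        return "trusted-public"
    return "unknown"             # investigate: not LAN, not on your allowlist


def audit(text):
    return [(str(ip), classify(ip)) for ip in extract_resolvers(text)]


# Constructed samples (203.0.113.0/24 is a documentation range, not a real IoC).
SAMPLE_NSLOOKUP = "Server:\t\t192.168.1.1\nAddress:\t192.168.1.1#53\n\nName:\texample.com\nAddress: 198.51.100.7\n"
SAMPLE_RESOLV = "# constructed\nnameserver 127.0.0.53\nnameserver 203.0.113.53\n"

if __name__ == "__main__":
    for sample in (SAMPLE_NSLOOKUP, SAMPLE_RESOLV):
        for ip, verdict in audit(sample):
            print(f"{ip:<16} {verdict}")
```

A `lan` verdict only shows that the client points at the router; the router's own upstream DNS setting in its admin panel needs the same comparison against the resolvers you chose.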