In Soviet Russia, network scans YOU.
That's not a joke anymore. On April 7, 2026, the FBI announced Operation Masquerade: a court-authorized takedown of thousands of home routers across 23 states that had been quietly hijacked by Russia's military intelligence agency, the GRU. The same GRU. The one from the movies. The one that made us hide under our desks in elementary school. Except this isn't Red Dawn. Nobody parachuted into your backyard. They didn't need to. They were already inside your router.
And you had no idea.
What Actually Happened
Here's the short version. Since at least 2024, GRU Military Unit 26165 (you might know them as APT28, Fancy Bear, or Forest Blizzard - yes, the same crew behind the 2016 DNC hack) exploited known vulnerabilities in TP-Link and MikroTik home routers. We're talking about the cheap boxes your ISP rents you for $15 a month. The ones sitting on your shelf collecting dust and Russian intelligence.
They didn't install malware. They didn't need to. They just changed one setting: your DNS resolver.
If you don't know what DNS is, think of it as the phone book of the internet. When you type "outlook.com" into your browser, your router asks a DNS server "hey, what's the phone number for outlook.com?" and the DNS server tells your browser where to go.
The GRU changed who answers that phone call. Instead of your ISP's DNS server, your router was quietly asking a GRU-controlled server in Russia. And that server would sometimes say "oh, outlook.com? Sure, it's right over here" and send you to a fake login page that looked exactly like the real thing.
You'd type your password. They'd catch it. Then they'd forward you to the real Outlook so you'd never notice anything happened. Your email, your passwords, your authentication tokens - all harvested. Silently. For two years.
The Numbers
Let's put some scale on this.
18,000 routers compromised worldwide. Over 200 organizations infiltrated. 5,000 devices in the US alone across 23 states. 120 countries affected.
And the FBI's response? They had to get a court order to remotely access those routers and fix them. Let that sink in. The FBI had to hack your router to un-hack it because the GRU got there first.
"Given the scale of this threat, sounding the alarm wasn't enough." - FBI Assistant Director Brett Leatherman
That's the FBI saying "telling you to change your password wasn't going to cut it." They had to step in and fix the routers themselves.
The Part That Should Make You Angry
Here's the thing that gets me. The GRU didn't use some classified zero-day exploit that nobody knew about. They used known vulnerabilities. Documented. Published. Patched - if you'd bothered to update your firmware. Which you didn't. Because nobody does.
According to a 2025 Broadband Genie survey, 81% of internet users have never changed their router's admin password, and 84% have never updated their router's firmware.
Eighty-four percent. That's not a statistic. That's an open invitation. That's leaving your front door unlocked, the porch light off, and a sign that says "COME ON IN" in Cyrillic.
The GRU didn't even target specific people at first. They were "indiscriminate in their initial targeting." They compromised everything they could find, then used automated filtering to sift through the data for anything interesting. Cast a wide net, see what swims in. It's the cyber equivalent of wiretapping every phone in the neighborhood and fast-forwarding to the interesting parts.
What the Government Tells You To Do
After Operation Masquerade, the FBI and NSA released their official guidance for home router owners:
Replace end-of-life routers. Upgrade to the latest firmware. Change your default admin password. Verify your DNS resolver settings. Disable remote management.
This is good advice. It's also advice that 84% of people won't follow, because they didn't follow it for the past decade and nothing about this announcement will change that. If "the FBI literally had to hack your router because Russia was inside it" doesn't motivate someone to change their admin password, nothing will.
The fundamental problem isn't that people are lazy. It's that consumer routers are designed to be plugged in and forgotten. That's the product. That's the selling point. "Easy setup! Just plug it in!" And then it sits there for five years with the same firmware, the same default password, and the same vulnerabilities that every intelligence agency on the planet has already cataloged.
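For the "verify your DNS resolver settings" item in the guidance above, here is an added example (not from the FBI/NSA guidance or any vendor) that classifies the resolvers a Linux host is configured to use. The sample file contents, the allowlisted address and the function names are assumptions made up for illustration.

```python
import ipaddress

# Constructed sample of resolv.conf content (not taken from the article).
SAMPLE_RESOLV_CONF = """\
search home.lan
nameserver 192.168.1.1
nameserver 203.0.113.53   # constructed: a resolver nobody here configured
nameserver 127.0.0.53
nameserver fe80::1%eth0
"""

# Assumption: the public resolvers you deliberately chose (placeholder address).
EXPECTED_PUBLIC = {ipaddress.ip_address("198.51.100.10")}
# RFC 1918, IPv6 unique-local and link-local ranges, i.e. "something on my LAN".
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7", "fe80::/10")]


def parse_nameservers(text):
    """Return the nameserver addresses listed in resolv.conf-style text."""
    servers = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            addr = fields[1].split("%", 1)[0]  # drop an IPv6 zone id such as %eth0
            try:
                servers.append(ipaddress.ip_address(addr))
            except ValueError:
                continue  # malformed entry: skip it rather than crash
    return servers


def classify(addr):
    """Label one resolver address by what it does and does not tell you."""
    if addr.is_loopback:
        return "local-stub"     # real upstream is configured elsewhere on this host
    if any(addr in net for net in LAN_NETS):
        return "lan-forwarder"  # usually the router: its own upstream DNS needs checking
    if addr in EXPECTED_PUBLIC:
        return "expected"
    return "UNEXPECTED"         # a public resolver you did not choose


def audit(text):
    return [(str(a), classify(a)) for a in parse_nameservers(text)]


if __name__ == "__main__":
    print(audit(SAMPLE_RESOLV_CONF))
```

A "lan-forwarder" verdict is not a clean bill of health: when the router itself has been repointed, every client still sees only the router's address, so the upstream DNS setting has to be read from the router's own admin page.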
What We Tell You To Do
Replace the whole thing. Not with another consumer router. Not with a slightly better consumer router. With an enterprise firewall that was designed from the ground up to actually protect your network.
Here's specifically why SecureNet would have prevented this attack:
DNS hijacking doesn't work if you run your own resolver. SecureNet runs Unbound, a self-hosted DNS resolver on your local network. Your DNS queries don't go to your ISP's server. They don't go to Google's server. Unbound resolves them itself, starting from the root hints, and validates the answers with DNSSEC. A GRU DNS hijack requires changing where your DNS queries go. If your DNS resolver is running on a box in your living room that you own, there's no third-party resolver setting to hijack.
Network segmentation limits blast radius. SecureNet runs 8 isolated network segments. Even if somehow a device on one segment was compromised, it can't reach devices on other segments. Your IoT cameras can't talk to your laptop. Your kids' gaming devices can't reach your work computer. The GRU's attack worked because every device on the network trusted the same DNS resolver. Segmentation breaks that chain.
IDS/IPS catches suspicious traffic. SecureNet runs Suricata with 200,000+ threat signatures updated daily. Redirecting DNS traffic to a Russian server would trigger multiple alerts. You'd know about it before your first password got stolen.
No default passwords. No forgotten firmware. SecureNet is professionally configured during a 25-minute onboarding call. Your admin credentials are set up by an engineer who does this for a living. OPNsense pushes regular updates. The firewall manages itself. You don't need to remember to update firmware because the system is designed to stay current.
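The local-resolver and IDS points above combine into one simple detection: if a single box does all the recursion, any other LAN host sending DNS to an outside server is bypassing it. The following is an added example, not SecureNet's configuration or a Suricata rule; the sample events are constructed and only modelled on Suricata's eve.json DNS records, and the LAN range and resolver address are assumptions.

```python
import ipaddress
import json
from collections import Counter

LAN = ipaddress.ip_network("192.168.10.0/24")    # assumption: the home LAN
RESOLVER = ipaddress.ip_address("192.168.10.1")  # assumption: box running the local resolver

# Constructed sample events (queries only), modelled on Suricata eve.json DNS records.
SAMPLE_EVE = """\
{"event_type":"dns","src_ip":"192.168.10.23","dest_ip":"192.168.10.1","dest_port":53,"dns":{"type":"query","rrname":"outlook.com"}}
{"event_type":"dns","src_ip":"192.168.10.1","dest_ip":"198.51.100.4","dest_port":53,"dns":{"type":"query","rrname":"outlook.com"}}
{"event_type":"dns","src_ip":"192.168.10.77","dest_ip":"203.0.113.53","dest_port":53,"dns":{"type":"query","rrname":"outlook.com"}}
{"event_type":"dns","src_ip":"192.168.10.77","dest_ip":"203.0.113.53","dest_port":53,"dns":{"type":"query","rrname":"login.example"}}
{"event_type":"flow","src_ip":"192.168.10.23","dest_ip":"203.0.113.9","dest_port":443}
not json at all
"""


def resolver_bypass(lines, lan=LAN, resolver=RESOLVER):
    """Count DNS queries that leave the LAN from any host except the local resolver."""
    hits = Counter()
    for line in lines:
        try:
            ev = json.loads(line)
            if ev.get("event_type") != "dns" or ev.get("dest_port") != 53:
                continue
            src = ipaddress.ip_address(ev["src_ip"])
            dst = ipaddress.ip_address(ev["dest_ip"])
        except (ValueError, KeyError, AttributeError, TypeError):
            continue  # truncated, malformed or non-event line: ignore it
        # Only the recursive resolver should be talking to outside name servers.
        if src in lan and src != resolver and dst not in lan:
            hits[(str(src), str(dst))] += 1
    return dict(hits)


if __name__ == "__main__":
    for (src, dst), count in resolver_bypass(SAMPLE_EVE.splitlines()).items():
        print(f"{src} sent {count} DNS queries directly to {dst}")
```

This covers plain DNS on port 53 only; DNS over TLS or HTTPS from a client would not appear in these events.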
This Isn't New. It's Getting Worse.
Operation Masquerade isn't the first time the FBI has had to clean up compromised routers. In 2018, they took down the VPNFilter botnet. In 2022, Cyclops Blink. In 2024, Operation Dying Ember. Four operations in six years, all targeting consumer routers used as weapons by state-sponsored hackers.
Each time, the GRU evolved. Each time, the FBI had to evolve with them. And each time, the official advice was the same: update your firmware, change your password. Meanwhile, 84% of people do neither.
The FCC noticed. On March 23, 2026, they banned new foreign-made consumer routers from being sold in the US, citing the exact same attacks. Volt Typhoon. Salt Typhoon. Flax Typhoon. Now Operation Masquerade. Your consumer router isn't just a bad product. It's a national security risk.
The Bottom Line
Shall we play a game? That's what the WOPR asked in WarGames. Except this game isn't thermonuclear war. It's DNS hijacking. And the winning move isn't "not to play." The winning move is to stop using equipment that's designed to be compromised.
Your ISP router costs you $180 a year. It has a default password you've never changed. It's running firmware from 2022. And as of April 2026, we know for a fact that Russian military intelligence has been using devices exactly like it to steal American passwords, emails, and authentication tokens for at least two years.
For $100, a professional engineer will deploy an enterprise firewall on your home network that runs its own DNS resolver, monitors traffic with 200,000 threat signatures, segments your network into 8 isolated zones, and blocks over a million malicious domains daily. You own the hardware. You own the software. No subscriptions required.
The FBI can fix your router after Russia hacks it. Or you can replace it before they do.
Stay skeptical. Own your network.