2026-04-15 · nsa
NSA joined the FBI in warning about Russian GRU activity targeting vulnerable routers. The campaign uses compromised edge devices to hijack DNS and steal sensitive information. That kind of attack is a reminder that the network edge is not a safe place to keep trust or critical data.
The advisory says GRU-linked actors exploited vulnerable SOHO routers, including TP-Link devices, to compromise credentials and manipulate DNS traffic. The guidance recommends updating firmware, disabling remote management, and replacing end-of-support devices.
Router compromise can quietly redirect traffic, intercept credentials, and expose everything downstream. Once the edge is owned, the attacker often gets a persistent foothold that is hard to detect and harder to evict.
Cold storage keeps the most important secrets and recovery material away from compromised edge devices. If your backups, seed material, or recovery keys live on the router-adjacent network, you have already lost the containment game.