Joint Advisory: Russian GRU Exploiting Vulnerable Routers to Steal Sensitive Information
Summary
Russian GRU threat actors are actively exploiting vulnerable SOHO routers to intercept and steal sensitive military, government, and critical infrastructure information worldwide, according to a joint advisory from the Cyber Centre, FBI, NSA, and international partners. International law enforcement has disrupted a GRU network of compromised SOHO routers used to facilitate malicious DNS hijacking operations. Network defenders and device owners are urged to remediate vulnerable edge devices by upgrading end-of-support hardware, applying latest firmware updates, changing default credentials, and disabling internet-facing remote management interfaces.
“Russian GRU threat actors are exploiting vulnerable routers to intercept and steal sensitive military, government, and critical infrastructure information.”
Organizations operating SOHO routers or edge networking devices should treat this advisory as a priority action item. Specifically, IT security teams should audit device inventories for end-of-support hardware, verify that latest firmware versions are deployed across all edge devices, confirm that default administrative credentials have been changed, and ensure remote management interfaces are not exposed to the internet. The international law enforcement disruption referenced in the advisory suggests active investigations that may yield further operational intelligence worth monitoring.
What changed
The Cyber Centre and domestic and international partners have issued a joint advisory warning that Russian GRU threat actors are exploiting vulnerable SOHO routers to intercept and steal sensitive military, government, and critical infrastructure information. International law enforcement recently disrupted a GRU network of compromised routers used for malicious DNS hijacking. Organizations operating edge devices should immediately apply firmware updates, replace end-of-support hardware, change default credentials, and disable internet-accessible remote management interfaces to reduce their attack surface against this threat activity.
What to do next
- Upgrade end-of-support devices
- Update to latest firmware versions
- Change default usernames and passwords
- Disable remote management interfaces from the Internet
Archived snapshot
Apr 23, 2026
GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.
Joint advisory on Russian GRU exploiting vulnerable routers to steal sensitive information
The Canadian Centre for Cyber Security (Cyber Centre) has joined the United States’ Federal Bureau of Investigation (FBI), the National Security Agency (NSA) and other domestic and international partners in releasing a cyber security advisory on Russian General Staff Main Intelligence Directorate (GRU) exploiting vulnerable routers worldwide.
This joint advisory warns that Russian GRU threat actors are exploiting vulnerable routers to intercept and steal sensitive military, government, and critical infrastructure information. International law enforcement partners recently disrupted a GRU network of compromised small-office home-office (SOHO) routers used to facilitate malicious Domain Name System (DNS) hijacking operations.
This joint advisory aims to alert network defenders and device owners and encourage them to take actions to remediate and reduce the attack surface of similar edge devices. Users of SOHO routers are encouraged to:
- upgrade end-of-support devices
- update to latest firmware versions
- change default usernames and passwords
- disable remote management interfaces from the Internet

Consult the full joint advisory: Russian GRU exploiting vulnerable routers to steal sensitive information
Related guidance
- Security considerations for edge devices (ITSM.80.101)
- Five Eyes publish series to sound alarm on cyber security threats to edge devices

Date modified: 2026-04-02
About this page
Source document text, dates, docket IDs, and authority are extracted directly from CCCS.
The summary, classification, recommended actions, deadlines, and penalty information are AI-generated from the original text and may contain errors. Always verify against the source document.