The FBI may have reset your wireless router remotely; if so, you should replace it

The FBI and NSA jointly announced that Russia has been systematically compromising the security of home and small office routers since at least 2024.

They obtained a court order to allow them to remotely reset thousands of affected devices in the US, but if yours is one of them, it needs to be urgently replaced …

CNET reports.

Federal agencies, including the FBI and NSA, disclosed on April 7 that a unit of Russia’s military intelligence directorate, the GRU group known as APT28 or Fancy Bear, has been systematically compromising home and small office routers since at least 2024, using the access to intercept credentials, authentication tokens and sensitive communications. The agency took the unusual step of remotely resetting thousands of affected US devices under a court order, but officials are warning that without action from individual router owners, the problem is far from solved.

However, the agencies say that the affected routers are no longer receiving security updates and should be replaced.

The good news is that the average 9to5Mac reader is unlikely to be using one of the affected routers as they are so old. The specific model referenced by the FBI was originally launched in 2007, although the UK’s National Cyber Security Centre says that other TP-Link models were targeted. These include:

• TP-Link TL-WR841N
• TP-Link LTE Wireless N Router MR6400
• TP-Link Wireless Dual Band Gigabit Router Archer C5
• TP-Link Wireless Dual Band Gigabit Router Archer C7
• TP-Link Wireless Dual Band Gigabit Router WDR3600
• TP-Link Wireless Dual Band Gigabit Router WDR4300
• TP-Link Wireless Dual Band Router WDR3500
• TP-Link Wireless Lite N Router WR740N
• TP-Link Wireless Lite N Router WR740N/WR741ND
• TP-Link Wireless Lite N Router WR749N
• TP-Link Wireless N 3G/4G Router MR3420
• TP-Link Wireless N Access Point WA801ND
• TP-Link Wireless N Access Point WA901ND
• TP-Link Wireless N Gigabit Router WR1043ND
• TP-Link Wireless N Gigabit Router WR1045ND
• TP-Link Wireless N Router WR840N
• TP-Link Wireless N Router WR841HP
• TP-Link Wireless N Router WR841N
• TP-Link Wireless N Router WR841N/WR841ND
• TP-Link Wireless N Router WR842N
• TP-Link Wireless N Router WR842ND
• TP-Link Wireless N Router WR845N
• TP-Link Wireless N Router WR941ND
• TP-Link Wireless N Router WR945N

Since none of these models are still receiving firmware updates, they remain vulnerable to further attack and should be replaced.

It’s important with any router to ensure that you enable automatic firmware updates and that you change the default admin username and password. Unless you specifically need to remotely access your router, it’s also recommended to disable the remote management feature in the admin settings.

Finally, the FBI specifically recommends that remote workers use a VPN when accessing sensitive data.

• Official Apple Store on Amazon
• Apple’s iPhone cases: iPhone 17 | iPhone 17 Pro and Pro Max | iPhone Air
• Wireless CarPlay adapter (2026 update)
• AirTag holders and accessories
• Mac Pro-style Mac mini casing
• NordVPN – privacy-first VPN with no logs and independent audits to verify

Photo by Jackson Sophat on Unsplash