What seems like a simple gesture of technical maintenance is now a national security recommendation. The US National Security Agency (NSA), in coordination with the FBI and European cybersecurity agencies, has issued an urgent warning: all home and small office users must restart their internet routers at least once a week.
The measure aims to combat a global cyberespionage campaign carried out by the APT28 group (also known as Fancy Bear), an elite Russian military espionage unit (GRU). This group has been silently ‘recruiting’ routers across Europe to create an attack infrastructure that allows the theft of banking data, access credentials and the monitoring of private communications.
Although the warning has global contours, Europe is in a position of particular vulnerability due to the market saturation of specific hardware brands. Recent technical reports indicate that attackers are actively exploiting flaws in devices from TP-Link, one of the best-selling brands in the European market. But in reality all routers are at risk.
Old models in the spotlight
The UK (NCSC) and European Union (ENISA) cybersecurity agencies warn that older, more popular models, such as the TP-Link WR841N, are the most vulnerable. Because these devices rarely receive automatic updates, many users continue to run software versions that are years out of date, leaving the “door open” for state espionage.
The research details that attackers are taking advantage of the CVE-2023-50224 vulnerability. This security flaw allows external hackers to bypass the router's authentication through malicious HTTP requests, gaining full access to the device’s settings.
Once inside the system, the Fancy Bear group changes DNS settings. In practice, this means that a user in Portugal, when trying to access their email or banking portal, can be redirected to a fake page without any warning, allowing immediate theft of credentials.
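A host-side check for the DNS change described above, as an added example that is not part of the original article: it reads resolv.conf-style text and flags any resolver that is not on a list you expect. The sample file content, the addresses in it and the expected list are constructed for illustration.

```python
import ipaddress

# Constructed sample of /etc/resolv.conf content; every address is illustrative.
SAMPLE_RESOLV_CONF = """\
# written by the DHCP client
nameserver 192.168.1.1
nameserver 203.0.113.53   # constructed address, not an indicator
nameserver fe80::1%eth0
search lan
"""

def parse_nameservers(text):
    """Return the resolver addresses from resolv.conf-style text."""
    servers = []
    for raw in text.splitlines():
        # Drop comments ('#' or ';') before tokenising the line.
        fields = raw.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue
        addr = fields[1].split("%", 1)[0]  # strip an IPv6 zone id such as %eth0
        try:
            servers.append(ipaddress.ip_address(addr))
        except ValueError:
            continue  # malformed entry: skip it rather than abort the audit
    return servers

def audit_resolvers(text, expected):
    """Label each configured resolver: expected, local-stub or unexpected."""
    allowed = {ipaddress.ip_address(a) for a in expected}
    findings = []
    for ip in parse_nameservers(text):
        if ip in allowed:
            verdict = "expected"
        elif ip.is_loopback:
            # A local stub (for example 127.0.0.53) hides the real upstream,
            # which then has to be checked in the stub's own configuration.
            verdict = "local-stub"
        else:
            verdict = "unexpected"
        findings.append((str(ip), verdict))
    return findings

if __name__ == "__main__":
    for addr, verdict in audit_resolvers(SAMPLE_RESOLV_CONF, ["192.168.1.1"]):
        print(f"{addr:<16} {verdict}")
```

This only sees the resolvers the host was handed. If the router keeps advertising itself as the resolver and forwards queries upstream, the router's own DNS setting still has to be checked in its control panel.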
By compromising the devices, Russian agents are able to circumvent traditional firewalls, as the malicious traffic appears to originate from a legitimate domestic IP address in cities such as Lisbon, Madrid or Berlin.
Why reboot
The recommendation to restart the equipment is not an urban myth. Much of the modern malware used in “zero-click” attacks is non-persistent, meaning it resides only in the router's volatile memory (RAM). Turning the device off and on again has the following effects:
– Memory loss: malicious code that was unable to write itself to permanent storage is deleted.
– Interruption of cycles: the active connection between the router and the hackers’ command server is broken.
– Defenses update: many devices look for critical firmware upgrades during the start-up process.
Secure the network at home
Experts from ENISA (European Union Agency for Cybersecurity) reinforce that, in addition to the weekly restart, users must adopt three fundamental steps:
– Disable remote management: This ensures that the router's control panel is not accessible from the public internet.
– Keep the firmware up to date: Check monthly to see if the manufacturer has released security fixes.
– Replace old equipment (legacy): Routers over 5 or 6 years old that no longer receive updates should be replaced, as they are open doors for intrusions.
This “digital hygiene” is nowadays considered essential in a hybrid war scenario, where the home router can become, without the user realizing it, a spying tool for an adversary country.
