NSA Urges Americans to Reboot Routers as Russian Hackers Exploit Vulnerable Home Networks

 

The National Security Agency (NSA) is once again advising internet users in the United States to restart their routers, warning that cyber attackers are actively targeting home networks to access sensitive personal data. Reviving guidance first issued in 2023, the agency stresses urgency with a clear message. “Don’t be a victim!” the spy agency says in the 2023 advisory, to which it has again directed citizens this month. “Malicious cyber actors may leverage your home network to gain access to personal, private, and confidential information.”

The NSA’s alert aligns with a warning from the Federal Bureau of Investigation (FBI), which has revealed that Russia’s military intelligence unit, the GRU, is exploiting insecure routers worldwide. According to officials, these attacks aim to intercept and steal highly sensitive data linked to military, government, and critical infrastructure systems.

Authorities have identified the hacking group APT28, also known as Fancy Bear, as a key actor in these operations. The group has reportedly been targeting vulnerable devices, including routers from brands like TP-Link, by exploiting known flaws such as CVE-2023-50224. Investigators say the attackers are harvesting credentials and compromising devices on a global scale.

The core advice from cybersecurity agencies is straightforward: replace outdated routers that no longer receive support and ensure active devices are regularly updated. However, many users neglect basic security steps—such as changing default passwords, installing firmware updates, or setting up separate guest networks—leaving their systems exposed.

Reinforcing its guidance, the NSA highlights essential practices for securing home networks: “changing default usernames and passwords, disabling remote management interfaces from the Internet, updating to latest firmware versions, and upgrading end-of-support devices.” These measures underscore the importance of not overlooking the router, often quietly running in homes yet posing a significant security risk if ignored.

Additionally, the agency recommends routine device restarts as a simple but effective safeguard: “at a minimum, you should schedule weekly reboots of your routing device, smartphones, and computers. Regular reboots help to remove implants and ensure security.” In practical terms, this means powering devices off and back on regularly, something most users only do when troubleshooting connectivity issues.

While not everyone may be directly targeted by state-sponsored actors like Russia’s military, everyday users remain at risk from the broader surge in cyberattacks, increasingly fueled by advancements in AI technologies. Maintaining good digital hygiene—such as frequent password changes, timely updates, and weekly reboots—can significantly reduce exposure.

Meanwhile, a report from the Federal Communications Commission (FCC), highlighted by tech publication PCMag, suggests that new restrictions on foreign-made routers could impact several popular brands. Using data from Ookla’s Speedtest platform, the report identifies which manufacturers dominate the U.S. market and may be affected.

Industry insights from WiFi Now note that most consumer-grade routers available in the U.S. are produced in countries like China, Taiwan, and Vietnam. Major brands include NETGEAR, Google Nest, Eero, and Ubiquiti. Currently, there is little to no domestic manufacturing of such devices in the U.S.

Experts advise users to verify whether their router still receives firmware updates by checking the model details. Regardless of the brand, ensuring devices are secure—and restarting them regularly—remains a crucial step in protecting against evolving cyber threats.