Business router security used to sound like a back-office IT chore. Today, it belongs in the same conversation as cyberwarfare, AI-driven attacks, critical infrastructure, and small-business survival.
That may sound dramatic, but it is not an exaggeration. The FBI and NSA recently warned that Russian GRU-linked cyber actors have been compromising small-office and home-office routers since at least 2024. According to 9to5Mac, the FBI even obtained a court order to remotely reset thousands of affected routers in the United States. However, officials warned that many affected routers are no longer receiving security updates and should be replaced, not just rebooted.
This is where the “war of the worlds” between nations reaches Main Street.
Cyber conflict does not stay neatly contained inside government buildings, military networks, or large corporations. The internet does not work that way. A vulnerable router in a small office, dental clinic, local nonprofit, contractor’s shop, or home-based business can become part of a much larger battlefield.
The cyber “bullets” can stray far from the original target.
Why foreign cyber conflict reaches micro businesses
Foreign cyber operations often target governments, defense groups, logistics companies, utilities, and critical infrastructure. However, attackers do not always start at the front door. They look for softer side doors.
That includes old routers.
The UK National Cyber Security Centre reported that APT28, also known as Fancy Bear or Forest Blizzard, exploited routers to change DNS settings. That allowed traffic to pass through attacker-controlled systems and created opportunities for adversary-in-the-middle attacks. Those attacks can harvest passwords, OAuth tokens, and other login material.
In plain English, attackers can tamper with the directions your router gives to your devices.
Your laptop thinks it is going to the right place. Your email app thinks it is connecting normally. Your browser may look routine. However, the network path may have been quietly manipulated.
That matters to micro businesses because small companies often use the same internet connection for everything: business email, payment systems, file storage, customer data, remote work, vendor portals, payroll, and cloud apps.
One weak router can touch every part of the business.
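The DNS tampering described above reaches each device as the resolver addresses it receives from the router. The following added example (not from the original article or the agencies it cites) audits resolv.conf-style settings against the resolvers a business chose on purpose; the allowlist values and the sample file contents are constructed assumptions.

```python
import ipaddress

# Assumption: resolvers this business deliberately chose (example values).
EXPECTED_RESOLVERS = {"9.9.9.9", "149.112.112.112"}
# LAN ranges in which the router itself normally answers DNS queries.
LAN_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fe80::/10", "fc00::/7")]

# Constructed sample of /etc/resolv.conf as a laptop might receive it via DHCP.
# 203.0.113.53 is a documentation address standing in for a resolver nobody chose.
SAMPLE_RESOLV_CONF = """\
# Generated by NetworkManager
search office.example
nameserver 192.168.1.1
nameserver 9.9.9.9
nameserver 203.0.113.53
nameserver fe80::1%eth0
options edns0
"""

def parse_nameservers(text):
    """Return resolver addresses from resolv.conf-style text, ignoring comments."""
    servers = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def classify(server, expected=EXPECTED_RESOLVERS):
    """Label one resolver address from the defender's point of view."""
    try:
        ip = ipaddress.ip_address(server.split("%", 1)[0])  # drop IPv6 zone id
    except ValueError:
        return "invalid"
    if str(ip) in expected:
        return "expected"
    if ip.is_loopback:
        return "local-stub"        # local caching stub; inspect its upstream instead
    if any(ip in net for net in LAN_NETS):
        return "router-forwarder"  # router answers DNS; verify its WAN DNS setting
    return "unexpected"            # public resolver nobody chose: investigate

def audit(text, expected=EXPECTED_RESOLVERS):
    """Map every configured resolver to its verdict."""
    return {s: classify(s, expected) for s in parse_nameservers(text)}

if __name__ == "__main__":
    for server, verdict in audit(SAMPLE_RESOLV_CONF).items():
        print(f"{server:20} {verdict}")
```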
Infrastructure is not out of bounds anymore
Modern conflict does not always begin with missiles, tanks, or troop movements. It can begin with account theft, router compromise, email interception, supply-chain disruption, or manipulation of internet traffic.
Infrastructure is not out of bounds in this environment.
Power companies, water systems, transportation networks, hospitals, manufacturers, schools, local governments, and small vendors all sit inside the same connected economy. Even when a micro business is not the main target, it can become useful to attackers.
A compromised router can help attackers hide their location. It can route malicious traffic. It can help them collect information. It can become one more node in a larger operation. In some cases, the small business may never know its equipment played a role.
That is the uncomfortable lesson: cyberwarfare does not require your business to be important. It only requires your equipment to be useful.
AI raises the pressure
AI does not magically make every attacker brilliant. That assumption would be sloppy. However, AI can help scale parts of the attack process.
Attackers can use automation and AI-assisted workflows to scan for exposed devices, sort targets, generate phishing messages, analyze stolen data, and move faster. As a result, old “set it and forget it” technology becomes a bigger liability.
Routers are especially easy to neglect. They sit in closets, behind desks, on shelves, or near a modem. Nobody thinks about them until the internet goes down.
That is a problem.
If the router no longer receives firmware updates, it can keep working while known security flaws remain open. The device may look healthy while quietly becoming a risk.
Routers currently listed as targeted
As of May 16, 2026, the current public list from the UK NCSC includes the following TP-Link router models targeted by APT28. NCSC also warns that the list is likely not exhaustive.
- TP-Link LTE Wireless N Router MR6400
- TP-Link Wireless Dual Band Gigabit Router Archer C5
- TP-Link Wireless Dual Band Gigabit Router Archer C7
- TP-Link Wireless Dual Band Gigabit Router WDR3600
- TP-Link Wireless Dual Band Gigabit Router WDR4300
- TP-Link Wireless Dual Band Router WDR3500
- TP-Link Wireless Lite N Router WR740N
- TP-Link Wireless Lite N Router WR740N/WR741ND
- TP-Link Wireless Lite N Router WR749N
- TP-Link Wireless N 3G/4G Router MR3420
- TP-Link Wireless N Access Point WA801ND
- TP-Link Wireless N Access Point WA901ND
- TP-Link Wireless N Gigabit Router WR1043ND
- TP-Link Wireless N Gigabit Router WR1045ND
- TP-Link Wireless N Router WR840N
- TP-Link Wireless N Router WR841HP
- TP-Link Wireless N Router WR841N
- TP-Link Wireless N Router WR841N/WR841ND
- TP-Link Wireless N Router WR842N
- TP-Link Wireless N Router WR842ND
- TP-Link Wireless N Router WR845N
- TP-Link Wireless N Router WR941ND
- TP-Link Wireless N Router WR945N
The FBI and partner agencies recommend upgrading end-of-support devices, updating firmware, changing default usernames and passwords, and disabling remote management from the internet. They also recommend that organizations review how remote workers access sensitive data.
What small businesses should do now
First, identify your router model. Do not guess. Check the label, admin dashboard, or purchase record.
Next, check whether the manufacturer still supports that model. If it is end-of-life, replace it. A reboot may help remove a temporary compromise, but it does not restore security support.
Then, update firmware. Many small businesses update phones and laptops but ignore routers for years. That gap gives attackers room to work.
Also, change the router admin password. Do not reuse a common company password. Store the new password in a secure password manager.
After that, disable remote management unless there is a specific, secured business reason to keep it on.
Finally, review your network as a whole. Separate guest Wi-Fi from business devices. Confirm that backups work. Require multi-factor authentication. Review remote access. Document your equipment. Set a replacement schedule.
Old routers, exposed networks, and public Wi-Fi can give cyber threats more room to move. A VPN is not a complete security plan, but it can help protect your internet connection when your team works from hotels, coffee shops, airports, or home networks.
STS recommends SurfsharkVPN* as a practical privacy tool for small-business owners, remote workers, and traveling professionals who need a safer way to browse on unsecured networks.

The STS Perspective
SofTouch Systems does not believe every small business needs enterprise complexity. However, every small business does need basic network discipline.
Cyberwarfare may sound distant, but its tools can land on your doorstep through an old router, a reused password, an unpatched device, or a careless remote access setting.
That is why No-Surprise IT matters. You should know what equipment you have, what is supported, what is patched, and what needs to be replaced before attackers find it first.
STS helps small Texas businesses review routers, network security, endpoint protection, passwords, backups, remote access, and monitoring. We keep the process practical and clear.
If you are unsure whether your router is still safe, do not wait for a breach, outage, or government alert. Schedule an IT evaluation with SofTouch Systems and find out where your network stands.
*Affiliate note: SofTouch Systems may earn an itty bitty commission if you purchase through this link. We recommend tools we believe can help small businesses improve everyday security.
FAQ: Business Router Security and Cyber Threats
Yes, if the router no longer receives firmware updates. An unsupported router can keep working while still leaving known security flaws open.
Check the model number on the router label or admin dashboard. Then search the manufacturer’s support page for firmware updates, end-of-life notices, or support status.
A VPN can help encrypt internet traffic, especially on public or unsecured networks. However, it does not replace firmware updates, secure router settings, strong passwords, network monitoring, or a supported business-grade router.
Attackers may use small routers to hide traffic, support larger attacks, redirect users, or collect login data. A micro business may not be the target, but its equipment can still be useful.
Start with a router and network security check. Confirm the router model, firmware status, admin password, remote access settings, guest Wi-Fi separation, and replacement timeline.
