TECH FCC Bans Foreign-Made Routers as a 'National Security Risk'

Repairman-Jack

Veteran Member
Including Ubiquiti I assume?
Yes. I'd expect their dream machine/dream router, unifi express and Amplifi lines will be subject to the ban. Their other edge devices, I'm not sure.

Ubiquiti is in a "weird" tier, they're usually referred to as prosumer grade and target small to medium sized businesses. I've been a fan/user for over a decade, starting with their wireless access points, installed their firewall, POE switch and APs at the fire department.
 

Knoxville's Joker

Has No Life - Lives on TB
And I was looking at buying an OpenWrt One and unfortunately, made in China. But I can load the firmware and source code myself. ::sigh:: And OpenWrt One is the best consumer available router with the strongest feature set on the market.
 

Knoxville's Joker

Has No Life - Lives on TB
I posted on OpenWrt support forums and there is some interesting information that came out. The below links are the nuts and bolts of the FCC announcement: (I have provided the links, but the text is generally exhaustive.)



https://www.fcc.gov/supplychain/coveredlist

| Covered Equipment or Services* | Date of Inclusion on Covered List |
|---|---|
| Telecommunications equipment produced by Huawei Technologies Company, including telecommunications or video surveillance services provided by such entity or using such equipment. | March 12, 2021 |
| Telecommunications equipment produced by ZTE Corporation, including telecommunications or video surveillance services provided by such entity or using such equipment. | March 12, 2021 |
| Video surveillance and telecommunications equipment produced by Hytera Communications Corporation, to the extent it is used for the purpose of public safety, security of government facilities, physical security surveillance of critical infrastructure, and other national security purposes, including telecommunications or video surveillance services provided by such entity or using such equipment. | March 12, 2021 |
| Video surveillance and telecommunications equipment produced by Hangzhou Hikvision Digital Technology Company, to the extent it is used for the purpose of public safety, security of government facilities, physical security surveillance of critical infrastructure, and other national security purposes, including telecommunications or video surveillance services provided by such entity or using such equipment. | March 12, 2021 |
| Video surveillance and telecommunications equipment produced by Dahua Technology Company, to the extent it is used for the purpose of public safety, security of government facilities, physical security surveillance of critical infrastructure, and other national security purposes, including telecommunications or video surveillance services provided by such entity or using such equipment. | March 12, 2021 |
| Information security products, solutions, and services supplied, directly or indirectly, by AO Kaspersky Lab or any of its predecessors, successors, parents, subsidiaries, or affiliates. | March 25, 2022 |
| International telecommunications services provided by China Mobile International USA Inc. subject to section 214 of the Communications Act of 1934. | March 25, 2022 |
| Telecommunications services provided by China Telecom (Americas) Corp. subject to section 214 of the Communications Act of 1934. | March 25, 2022 |
| International telecommunications services provided by Pacific Networks Corp and its wholly-owned subsidiary ComNet (USA) LLC subject to section 214 of the Communications Act of 1934. | September 20, 2022 |
| International telecommunications services provided by China Unicom (Americas) Operations Limited subject to section 214 of the Communications Act of 1934. | September 20, 2022 |
| Cybersecurity and anti-virus software produced or provided by Kaspersky Lab, Inc. or any of its successors and assignees, including equipment with integrated Kaspersky Lab, Inc. (or any of its successors and assignees) cybersecurity or anti-virus software. | July 23, 2024 |
| Uncrewed aircraft systems (UAS) and UAS critical components produced in a foreign country†† —except, (a) UAS and UAS critical components included on the Defense Contract Management Agency’s (DCMA’s) Blue UAS Cleared List, until January 1, 2027,# (b) UAS critical components that qualify as “domestic end products” under the Buy American Standard, 48 CFR 25.101(a), until January 1, 2027; and (c) devices which have been granted a Conditional Approval by DoW or DHS—and all communications and video surveillance equipment and services listed in Section 1709(a)(1) of the FY25 National Defense Authorization Act (Pub. L. 118-159) | December 22, 2025; Updated: January 7, 2026; Updated: March 18, 2026 |
| Routers^ produced in a foreign country, except routers which have been granted a Conditional Approval by DoW or DHS. | March 23, 2026 |



Basically, specific and mostly Chinese made/owned brands are the ones impacted. Known brands that are long suspected of being a national security concern.

Some concerns are out there about firmware updates breaking FCC coverage.

Some concerns were stated on OpenWrt about whether or not the FCC along with other regulatory agencies would actively go out and take possession of violating equipment pieces...
 

Repairman-Jack

Veteran Member
Authorities disrupt DNS hijacking campaign targeting TP-Link routers


The US Department of Justice has dismantled the American portion of a router-hijacking operation run by Russia’s GRU Unit 26165, also known as APT28, after the group used compromised small office and home office devices to reroute internet traffic and steal credentials.

The FBI carried out the court-approved action as part of “Operation Masquerade,” targeting compromised routers across the United States. Investigators say the attackers exploited known vulnerabilities in internet-exposed TP-Link devices, altered DNS settings, and forced connected systems to use malicious resolvers under their control. This allowed the GRU to monitor DNS traffic and, for selected victims, return fraudulent DNS records that redirected authentication requests to attacker-controlled systems.

The campaign is attributed to APT28, a Russian state-backed threat actor linked to the GRU’s 85th Main Special Service Centre. The group has a long history of cyber-espionage targeting governments, defense, and critical infrastructure. In this operation, compromised routers were used to target individuals and organizations worldwide, including those in military and government sectors.

TP-Link devices were a primary target. The NCSC said attackers likely exploited flaws such as CVE-2023-50224 in models like the WR841N to extract credentials via crafted HTTP requests. With administrative access, attackers modified DHCP/DNS settings so all connected devices would inherit malicious DNS servers. The agency also listed multiple affected TP-Link models, noting the list is likely incomplete.

Lumen’s Black Lotus Labs, which tracks the activity as “FrostArmada,” observed early operations beginning in May 2025, followed by a sharp expansion in August 2025, just one day after a separate NCSC report on related tooling, indicating rapid adaptation by the threat actor.

Microsoft reported that APT28 and its sub-group Storm-2754 compromised thousands of SOHO devices, impacting over 200 organizations and at least 5,000 consumer devices. Lumen’s broader telemetry suggests a larger footprint, with more than 18,000 moderate-confidence victim IPs across 120 countries at the campaign’s peak in December 2025.


After compromising routers, attackers redirected DNS traffic to actor-controlled servers, often using the legitimate dnsmasq utility. Most DNS queries were resolved normally to avoid detection, but requests tied to authentication services, such as Outlook or Office 365, could be selectively redirected to adversary-in-the-middle (AitM) infrastructure. There, attackers intercepted login flows and harvested passwords, emails, and authentication tokens, sometimes by presenting spoofed services or invalid TLS certificates.

Both Microsoft and the NCSC assess the operation as opportunistic at scale but selective in execution. Attackers first compromised a wide pool of routers, then filtered DNS traffic to identify high-value intelligence targets. Targeted domains included Microsoft Outlook services, and Microsoft also observed TLS interception against government systems in Africa.

To counter the threat, the FBI issued commands to affected US routers to collect evidence, restore legitimate DNS settings, and block attacker access. Officials said the operation did not collect user content and did not disrupt normal device functionality. Router owners can reverse the changes via factory reset or manual configuration.

Users and organizations are urged to replace end-of-life routers, apply firmware updates, verify DNS settings, and restrict remote administration interfaces.
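
A defender-side check for the "verify DNS settings" advice above, as an added example that is not part of the original post or the quoted article: it flags DHCP-assigned resolvers outside an expected set, and watched authentication hostnames whose answers share no address with a trusted reference resolver's answers. The expected resolver addresses, the watchlist hostnames and all sample data are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: the resolvers this network is meant to hand out via DHCP.
EXPECTED_RESOLVERS = {"192.0.2.53", "192.0.2.54"}
# Authentication-related names to compare (illustrative choice of hostnames).
WATCHLIST = {"outlook.office365.com", "login.microsoftonline.com"}

# Constructed sample data (documentation address ranges, not real observations).
SAMPLE_DHCP = ["192.0.2.53", "203.0.113.77"]
SAMPLE_LOCAL = {  # answers obtained through the DHCP-assigned resolver
    "example.org": ["198.51.100.10"],
    "outlook.office365.com": ["203.0.113.80"],
    "login.microsoftonline.com": ["198.51.100.21"],
}
SAMPLE_REFERENCE = {  # answers from a trusted resolver, fetched over a path
    "example.org": ["198.51.100.10"],  # the router cannot rewrite (assumption)
    "outlook.office365.com": ["198.51.100.20", "198.51.100.22"],
    "login.microsoftonline.com": ["198.51.100.21", "198.51.100.23"],
}

def unexpected_resolvers(dhcp_resolvers):
    """Return DHCP-assigned resolvers that are not on the expected list."""
    return sorted(set(dhcp_resolvers) - EXPECTED_RESOLVERS,
                  key=ipaddress.ip_address)

def divergent_answers(local, reference, watchlist=WATCHLIST):
    """Flag watched names whose local answers share no address with the
    reference answers. Only watched names are compared because ordinary
    queries were resolved normally in the campaign described above.
    Load balancing can also produce disjoint answers, so a finding is a
    lead to investigate (for example by checking the TLS certificate)."""
    findings = []
    for name in sorted(watchlist):
        got = set(local.get(name, []))
        want = set(reference.get(name, []))
        if got and want and got.isdisjoint(want):
            findings.append((name, sorted(got)))
    return findings

def audit(dhcp_resolvers, local, reference):
    """Combine both checks into one report."""
    return {"unexpected_resolvers": unexpected_resolvers(dhcp_resolvers),
            "divergent": divergent_answers(local, reference)}

if __name__ == "__main__":
    print(audit(SAMPLE_DHCP, SAMPLE_LOCAL, SAMPLE_REFERENCE))
```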
 

Griz3752

Retired, practising Curmudgeon
Didn't see the whole text of the ban.

Does it include components for US-based manufacturing? And what about repair/replacement parts?
 