The US government warns that Russia state hackers are coming after your router16%

By Dan Goodin18%

7/13/2026, 9:03:07 PM

BS Summary: This article contains 0 faulty reasoning types, including no named faulty reasoning patterns yet, with no single egregious example has been isolated yet. Analysis detected 0 faulty-reasoning hits from 499 analyzed words, generating a BS Score of 32.1% and a BS Rank of 16% (12,878 of 15,282 articles). This article is better (less manipulative) than 84.30% of the article peer group.

The federal government is warning users of home and small office routers to secure their devices as Russia state hackers continue to mass-compromise them for use in obscuring nefarious actions against sensitive organizations in the public and private sectors. Both the Russian and Chinese governments have been compromising routers for years, sometimes in prolonged tugs-of-war to wrest control of devices the other has already commandeered. The US government has occasionally issued covert commands and taken other steps to disinfect routers. Google and other companies have also worked to disrupt the massive botnets that control compromised routers in lockstep. The actions to date are little more than whack-a-mole exercises as the operators simply replace their botnets with new ones.

Proxy networks: The go-to tool “Russian Federal Security Service (FSB) Center 16 cyber actors continue to exploit poorly configured and vulnerable networking devices worldwide, opportunistically compromising multiple critical infrastructure sector networks,” the Cybersecurity and Infrastructure Security Agency said Monday. The hacking groups are tracked under various names, including Berserk Bear, Energetic Bear, Crouching Yeti, Dragonfly, Ghost Blizzard, and Static Tundra. The advisory was co-issued by governments from around the world, including Australia, Denmark, New Zealand, and the UK. The primary means of compromise the agency warned about was hackers scanning IP ranges with active Simple Network Management Protocol (SNMP) agents that accept common or default authentication credentials. These scans are run by the very sorts of router botnets the actors are trying to enroll the targeted device in. By sending malicious traffic from spoofed addresses, the hackers can use the SNMP agent on poorly configured routers to run malware. SNMP allows users to collect and organize information about managed networking devices or to modify that information to change device behavior.

With control of a device, the hackers then use it as an exit node when probing or attacking targets in the communications, defense, energy, financial services, and government sectors. By funneling the malicious traffic through a benign-appearing device on a trustworthy IP address, the attackers are able to lower the chances of getting blocked by firewalls and other security defenses. Monday’s advisory made no mention of identical operations carried out in recent years by China. So-called residential proxies are also a go-to tool used by financially motivated criminal hackers to obscure their true IP address. In many cases, these sorts of proxies are made up of millions of streaming devices that are sold with preloaded malware. The agency urged router users to lock down their devices. Chief among the suggestions is to ensure SNMP versions 1 and 2 are disabled, because they don’t encrypt passwords or follow other common-sense security practices. Instead, only SNMP version 3 should be used. A better option is to disable SNMP altogether unless it’s needed for a specific use. Other safeguards include disabling Cisco Smart Install on all devices, using strong passwords, updating firmware regularly, and avoiding the use of other networking protocols.

Confirmation Bias
0%
Anchoring Bias
0%
Availability Heuristic
0%
Representativeness Heuristic
0%
Hindsight Bias
0%
Overconfidence Bias
0%
Framing Effect
0%
Loss Aversion
0%
Status Quo Bias
0%
Sunk Cost Effect
0%
Optimism Bias
0%
Pessimism Bias
0%
Negativity Bias
0%
Self-Serving Bias
0%
Fundamental Attribution Error
0%
Actor-Observer Bias
0%
In-Group Bias
0%
Out-Group Homogeneity Bias
0%
Halo Effect
0%
Horn Effect
0%
Dunning-Kruger Effect
0%
Recency Bias
0%
Primacy Effect
0%
Blind-Spot Bias
0%
Ad Hominem
0%
Straw Man
0%
Appeal to Authority
0%
False Dilemma
0%
Slippery Slope
0%
Circular Reasoning
0%
Hasty Generalization
0%
Red Herring
0%
Bandwagon
0%
Appeal to Emotion
0%
Begging the Question
0%
Post Hoc (False Cause)
0%
Tu Quoque
0%
Burden of Proof
0%
Appeal to Nature
0%
Composition/Division
0%
Anecdotal
0%
No True Scotsman
0%
Ambiguity (Equivocation)
0%
Gambler’s Fallacy
0%
Middle Ground
0%
Personal Incredulity
0%
Special Pleading
0%
Genetic Fallacy
0%
Unattributed Quote
0%
Quote-first Misdirection
0%
Biased Writer Voice
0%
Indoctrination
0%
Politically Left Leaning Bias
0%
Politically Right Leaning Bias
0%
Attempt to Sell a Product or Service
0%

499 words analyzed.

Speakers

1speaker6.8%attributed speech465writer words
0%flagged-word coverage
34 attributed words100% of attributed speech0% writer coverage

No manipulation-pattern hits were found in this speaker's attributed words or the writer's voice.

Attribution is sentence-level. Pattern percentages are calculated only from words assigned to that voice.

Analysis

Hover over highlighted words in the article to view the associated bias or fallacy analysis.