USA disrupts Russian military DNS hijacking network
Network operators and ISPs must inspect and block hijacked router traffic immediately
Change
USA executed a court-authorised disruption on April 7, 2026 of a Domain Name System hijacking network run by Russia's Main Intelligence Directorate of the General Staff (GRU) Military Unit 26165 that used compromised routers to redirect traffic against military, government, and critical infrastructure targets worldwide.
Why it matters
Operators now face an active hostile routing threat that requires immediate containment rather than routine monitoring. Networks must treat traffic from routers linked to Military Unit 26165 as compromised and prioritise emergency filtering and isolation to prevent ongoing interception or service disruption.
Implications
- — Internet service providers' network operations teams — must apply emergency routing filters and blocklists immediately — otherwise compromised routers will continue redirecting traffic and enable ongoing espionage or service outages.
- — Security operations teams at government agencies and critical infrastructure operators — must audit and isolate edge router configurations and deploy mitigations immediately — otherwise their networks risk persistent interception and operational disruption.
Unlock the decision layer.
Know what's at risk and what to do next.
- Implications: What this forces you to change — operations, exposure, or compliance.
- Who is affected: Which roles, contracts, and obligations are exposed.
- What to watch: Binding deadlines and enforcement dates.
- Real-time alerts: Delivered the moment a binding change is published.
- Ask AI: Ask what this means for your specific role.
No credit card · 14-day trial · Active in seconds
Unlock the decision layer