Operation Masquerade is over. The FBI, authorized by a federal court, reached into privately owned TP-Link routers across 23 US states, collected forensic evidence of APT28 activity, reset DNS settings that had been silently redirected to GRU servers, and blocked the original exploit path. The changes are reversible. ISPs are notifying affected customers.

It worked. Now think about what it means.

This is the third time the US government has done this. VPNFilter in 2018. Cyclops Blink in 2022. Operation Masquerade in 2026. Same target type: SOHO and consumer routers. Same adversary. Larger scale each time.

The legal controls are real: court authorization, no content access, tested against actual TP-Link firmware in a lab beforehand. The DOJ took this seriously. And still: the FBI sent commands to hardware inside private homes whose owners found out after the fact, through their ISPs.

US Attorney David Metcalf put it directly: “Russian military intelligence once again hijacked Americans’ hardware to commandeer critical data. In the face of continued aggression by our nation-state adversaries, the US government will respond just as aggressively.”

Nobody is arguing Russia should be allowed to run a botnet through American living rooms. That’s not the question. The question is what framework three court-authorized operations in eight years builds over time, and whether that framework stays bounded to clearly justified cases.

The FBI fixed routers in 23 states. Tens of millions of devices out there have the same vulnerabilities right now: default credentials, years-old firmware, hardware the manufacturer stopped supporting. No court orders are coming for those. The operation addressed an acute case. The chronic condition is unchanged.

