What Happened
The Russian military is once again hacking home and small office routers in widespread operations that send unwitting users to sites that harvest passwords and credential tokens for use in espionage campaigns, researchers said Tuesday.
Why It Matters
An estimated 18,000 to 40,000 consumer routers, mostly those made by MikroTik and TP-Link, located in 120 countries were wrangled into infrastructure belonging to APT28, an advanced threat group that’s part of Russia’s military intelligence agency known as the GRU, researchers from Lumen Technologies' Black Lotus Labs said.
Key Details
- The threat group has operated for at least two decades and is behind dozens of high-profile hacks targeting governments worldwide.
- APT28 is also tracked under names including Pawn Storm, Sofacy Group, Sednit, Tsar Team, Forest Blizzard, and STRONTIUM.
- A small number of routers were used as proxies to connect to a much larger number of other routers belonging to foreign ministries, law enforcement, and government agencies that the APT wanted to spy on.
- The group then used its control of routers to change DNS lookups for select websites, including, Microsoft said, domains for the company's Microsoft 365 service.
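An added defensive check, not part of the article or the researchers' work: a small Python script that asks the router's resolver and a separately trusted resolver for the same names and reports where the answers differ, which is how altered DNS lookups of the kind described above would show up on a LAN. The resolver addresses, domain names and the constructed response packet are assumptions for demonstration.

```python
import random, socket, struct

def build_query(name, qid):
    # Header: id, flags RD=1, 1 question; then QNAME, QTYPE=A, QCLASS=IN
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.strip(".").split("."))
    return struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + b"\x00" + struct.pack("!HH", 1, 1)

def _skip_name(resp, off):
    # Advance past a label sequence; a compression pointer (top bits 11) is 2 bytes and ends the name
    while resp[off] != 0:
        if resp[off] & 0xC0 == 0xC0:
            return off + 2
        off += 1 + resp[off]
    return off + 1

def parse_a_records(resp, qid):
    # Return the IPv4 addresses in the answer section; empty on id mismatch or non-zero RCODE
    rid, flags, qd, an, _, _ = struct.unpack_from("!HHHHHH", resp, 0)
    if rid != qid or flags & 0x000F:
        return set()
    off = 12
    for _ in range(qd):
        off = _skip_name(resp, off) + 4          # skip echoed question (name + type + class)
    addrs = set()
    for _ in range(an):
        off = _skip_name(resp, off)
        rtype, rclass, _ttl, rdlen = struct.unpack_from("!HHIH", resp, off)
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addrs.add(socket.inet_ntoa(resp[off:off + 4]))
        off += rdlen
    return addrs

def query_a(name, resolver_ip, timeout=2.0):
    # One UDP query to a chosen resolver (e.g. the router's LAN address, then a trusted resolver)
    qid = random.randrange(1, 0xFFFF)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name, qid), (resolver_ip, 53))
        return parse_a_records(sock.recvfrom(512)[0], qid)

def dns_divergence(domains, local_resolver, trusted_resolver, query=query_a):
    # Names where the router's answer differs from the trusted resolver's, with both answer sets; a difference is a lead to investigate, not proof: CDN-hosted names legitimately vary by region
    answers = {n: (query(n, local_resolver), query(n, trusted_resolver)) for n in domains}
    return {n: pair for n, pair in answers.items() if pair[0] != pair[1]}

def fake_response(name, qid, addrs):
    # Constructed response packet for offline demonstration; not captured traffic
    rrs = b"".join(b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + socket.inet_aton(a) for a in addrs)
    return struct.pack("!HHHHHH", qid, 0x8180, 1, len(addrs), 0, 0) + build_query(name, qid)[12:] + rrs
```

In live use, call `dns_divergence([...login domains you care about...], "<router LAN address>", "<trusted resolver address>")` and investigate any name that comes back, starting with the router's configured DNS servers and firmware.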
Source: Ars Technica – All content