Russian government hackers have hijacked thousands of home and small business routers worldwide. The group, known as Fancy Bear or APT 28, is part of Russia’s GRU intelligence agency. They exploited vulnerabilities in outdated MikroTik and TP-Link routers to redirect victims’ internet traffic. This allowed them to steal passwords and access tokens, bypassing two-factor authentication. Researchers from the UK’s NCSC and Lumen’s Black Lotus Labs detailed the campaign. They report at least 18,000 victims across 120 countries, including government agencies. Microsoft identified over 200 affected organizations. The FBI and a coalition have now disrupted the botnet and taken it offline.
