Thousands of Routers Hijacked in Widespread Russian Espionage Campaign

Researchers uncover massive hacking operation by Russia's military, using compromised consumer routers for espionage and harvesting credentials.
In a concerning development, researchers have uncovered a widespread hacking campaign orchestrated by Russia's military intelligence agency, the GRU. The group, known as APT28 and operating under various other aliases, has managed to compromise an estimated 18,000 to 40,000 consumer routers located in 120 countries, mostly those made by MikroTik and TP-Link.
The sophisticated attack uses a small number of these hijacked routers as proxies to connect to a much larger network of routers belonging to foreign ministries, law enforcement agencies, and government entities that the APT group seeks to spy on. By gaining control of these routers, the hackers are able to alter DNS lookups for select websites, including domains associated with Microsoft 365, allowing them to harvest sensitive credentials and tokens for use in espionage campaigns.
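A defender-side check for the DNS tampering described above, added here as an example that is not from the article or from Black Lotus Labs: it compares answers seen from the LAN (router) resolver against a reference set and flags sensitive login domains that resolve outside the expected prefixes. The domain-to-prefix table and the sample answers are constructed placeholders (RFC 5737 documentation ranges), not real Microsoft address space.

```python
import ipaddress

# Constructed reference: prefixes a trusted, out-of-band resolver returned for the
# login domains we care about. Placeholder ranges, not real Microsoft addresses.
EXPECTED_PREFIXES = {
    "login.microsoftonline.com": ["203.0.113.0/24", "198.51.100.0/24"],
    "outlook.office365.com": ["203.0.113.0/24"],
}

# Constructed sample of (domain, answer) pairs as observed from the LAN resolver.
SAMPLE_ANSWERS = [
    ("login.microsoftonline.com", "203.0.113.17"),
    ("login.microsoftonline.com", "192.0.2.45"),    # outside every expected prefix
    ("outlook.office365.com", "203.0.113.9"),
    ("outlook.office365.com", "not-an-ip"),         # malformed answer, also flagged
    ("example.org", "198.51.100.200"),              # not a monitored domain, ignored
]


def find_dns_anomalies(answers, expected=EXPECTED_PREFIXES):
    """Return (domain, answer) pairs for monitored domains whose answer is not
    inside any expected prefix. Unparseable answers are reported as anomalies
    rather than silently skipped, since a tampered resolver may return garbage."""
    nets = {d: [ipaddress.ip_network(p) for p in ps] for d, ps in expected.items()}
    anomalies = []
    for domain, answer in answers:
        if domain not in nets:
            continue
        try:
            addr = ipaddress.ip_address(answer)
        except ValueError:
            anomalies.append((domain, answer))
            continue
        if not any(addr in net for net in nets[domain]):
            anomalies.append((domain, answer))
    return anomalies


def compare_resolvers(lan_answers, trusted_answers):
    """Second check: given {domain: set(ips)} from the LAN resolver and from a
    trusted resolver, return domains where the LAN resolver handed back addresses
    the trusted resolver never did. CDN rotation causes benign differences, so
    treat hits as leads to verify, not proof of hijacking."""
    suspicious = {}
    for domain, lan_ips in lan_answers.items():
        extra = set(lan_ips) - set(trusted_answers.get(domain, ()))
        if extra:
            suspicious[domain] = sorted(extra)
    return suspicious
```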
This operation demonstrates the technical sophistication of the APT28 group, which has been active for over two decades and is behind numerous high-profile hacks targeting governments worldwide. The group is tracked under a variety of names, including Pawn Storm, Sofacy Group, Sednit, Tsar Team, Forest Blizzard, and STRONTIUM, a reflection of its long history and adaptability.
The latest revelations underscore the ongoing cybersecurity threats posed by state-sponsored actors like the Russian military. The widespread nature of this campaign, compromising thousands of consumer routers across the globe, highlights the need for robust security measures, regular software updates, and heightened vigilance among both individual and institutional users.
Researchers from Lumen Technologies' Black Lotus Labs, who uncovered this latest operation, emphasize the importance of proactive cybersecurity measures to mitigate the risks posed by such sophisticated and persistent threats. As the digital landscape continues to evolve, the battle against state-sponsored cyber threats remains a critical priority for governments and organizations worldwide.
The revelations from this latest investigation serve as a stark reminder of the ongoing efforts by Russia's military intelligence to infiltrate and exploit vulnerable systems for their own strategic advantage. As the geopolitical landscape remains tense, the need for enhanced cybersecurity vigilance has never been more pressing.
Source: Ars Technica