Russian hackers infiltrated thousands of home routers and maybe yours was one too
The cyberattack was carried out by a group of hackers called Fancy Bear, which has had the support of the Kremlin for years
If you have a router at home or in your office and you haven't updated it in a while, there's something you should know. Hackers linked to the Russian government managed to compromise thousands of home and small business routers around the world in a massive espionage campaign that just came to light this Tuesday. The operation isn't new; it's been active for years, and the worst part is that most of the victims weren't even aware of it.
The Kremlin's elite hacking group strikes again
Behind this attack is Fancy Bear, also known as APT 28, the hacking group that works for the Russian military intelligence agency, the GRU. This is no ordinary name in the world of cybersecurity: they are the same group that hacked the Democratic National Committee in 2016 and were responsible for the destructive attack against satellite provider Viasat in 2022.
This time, their target was quieter but just as dangerous. Fancy Bear directly targeted unpatched routers from the MikroTik and TP-Link brands, exploiting known and documented vulnerabilities that, unfortunately, millions of users never bothered to fix. The alert was issued jointly by the NCSC (the UK government's cybersecurity unit) and Black Lotus Labs, the research arm of Lumen Technologies.
What was the hackers' goal in accessing your router?
This is where it gets technical, but try to follow along because it's important to understand how this worked. The hackers didn't need to directly access your computer or phone. Instead, they compromised the router—that little gadget you've probably had tucked away in a corner of your house for years.
Once inside the router, they modified its settings so that all your internet traffic would first pass through servers under the hackers' control. The result? Without you even noticing, you could be logging into a fake version of your bank, email, or any other online service. And on those fake sites, your passwords and access tokens were directly exposed to attackers.
The most alarming thing is that this method also allowed them to bypass two-factor authentication (2FA), one of the most highly recommended security mechanisms. By stealing the session token, hackers could log into your accounts without needing the code sent to your phone.
What can you do right now to protect yourself?
Don't panic, but do take action. Here's what you should do today:
The reality is that most people don't think of their router as a point of vulnerability, and that's exactly what groups like Fancy Bear exploit. While you're worrying about antivirus software on your laptop, they're already inside the gateway to your entire network. It's time to change that.

