Russian Hackers Hijack Thousands of Routers Worldwide to Steal Passwords and Data

A new global cybersecurity threat has emerged, affecting thousands of internet users and organizations across multiple countries.

A hacking group linked to Russia has reportedly taken control of routers used in homes and small businesses, redirecting internet traffic to steal sensitive information such as passwords and access tokens.

A Widespread Cyber Campaign

The group behind the attack is known as Fancy Bear, also referred to as APT28. It has been active for years and is widely believed to be connected to Russia’s military intelligence agency.

This group has previously been linked to major cyber incidents, including attacks on political organizations and critical infrastructure.

How the Attack Works

According to findings from the National Cyber Security Centre and Black Lotus Labs, the hackers targeted routers with outdated software.

Devices from brands like MikroTik and TP-Link were especially vulnerable due to unpatched security flaws.

Once access is gained, the hackers change the router settings. This allows them to secretly redirect a user’s internet traffic through systems they control.

From there, victims can be sent to fake websites designed to look real, making it easier for attackers to capture login details and gain access to personal or business accounts.

Scale of the Impact

The scale of this operation is significant.

Security researchers estimate that at least 18,000 devices across around 120 countries have been affected. Victims include individuals, businesses, government agencies, and even law enforcement organizations.

Microsoft also reported that thousands of devices and hundreds of organizations were impacted, including some government institutions in Africa.

Response from Authorities

Authorities have started taking action to contain the threat.

The Federal Bureau of Investigation has been involved in efforts to disrupt the network used by the hackers. In collaboration with other partners, several parts of the operation have been taken offline.

The U.S. Department of Justice also confirmed that compromised routers within the United States were secured using court-approved measures. This included resetting affected devices and blocking further unauthorized access.

What This Means

This incident highlights a major weakness in everyday internet devices.

Many routers run outdated software, making them easy targets for attackers. Once compromised, they can be used to monitor activity without the user ever noticing.

For individuals and businesses, this serves as a reminder to regularly update devices, change default passwords, and apply security patches.

As cyber threats continue to evolve, staying proactive is no longer optional. It is essential.