Russian Fancy Bear Hackers Hijack Thousands of Home Routers Globally

Russian government hackers hijacked thousands of home and small-office routers worldwide to redirect traffic and steal credentials.

“A large-scale campaign by Forest Blizzard, a Russian military-linked threat actor, targeting home and small-office routers to hijack DNS traffic and intercept encrypted communications with over 200 organizations and 5,000 consumer devices already compromised”

CyberSecurityNews

The campaign targeted unpatched MikroTik and TP-Link devices using known vulnerabilities and default credentials.

CyberSecurityNews

The U.K.'s NCSC confirmed spying had been carried out since 2024.

Microsoft identified at least 18,000 networks compromised globally.

Victims continued using their networks normally while attackers invisibly proxied traffic through Russian-controlled infrastructure.

Attackers redirected victim internet requests to spoof websites under their control, harvesting passwords and tokens.

The infiltration did not require installing malware on endpoints.

Gadget Review

Discovered victims included government agencies and law enforcement.

The DOJ, FBI, NSA, GCHQ, and international partners executed coordinated operations to neutralize the botnet.

“Russian hacking group APT28 has been exploiting vulnerable internet routers to redirect traffic through attacker-controlled servers and steal credentials from targeted organizations, the UK government has warned”

Infosecurity Magazine

Court-authorized operations remotely deleted malware and blocked re-access pathways.

The campaign elevated consumer-grade hardware to a front-line battlefield of cyber espionage.