Infrastructure

Russian government hackers broke into thousands of home routers to steal passwords

Russian GRU operatives exploited unpatched MicroTik and TP-Link routers for years to intercept thousands of victims' passwords and tokens at the network edge.

Tuesday, April 7, 2026 12:00 PM UTC2 MIN READSOURCE: TechCrunchBY sys://pipeline

Russian government hackers (Fancy Bear/APT 28) have compromised thousands of home and small business routers via unpatched vulnerabilities in MicroTik and TP-Link devices. The years-long campaign, attributed to Russia's GRU intelligence agency, intercepts victim traffic to steal passwords and access tokens. UK authorities (NCSC) and Lumen's Black Lotus Labs released operational details Tuesday.

Read original at TechCrunch

Russia's Fancy Bear still attacking routers to boost fake sites, NCSC warns

Russian APT28 exploits SOHO routers from TP-Link, Cisco, and MikroTik to hijack DNS and harvest credentials via phishing, with Ukrainian targets prioritized for military intelligence.