Russia's military intelligence group APT28 has compromised 18,000-40,000 consumer routers worldwide, primarily MikroTik and TP-Link devices, to redirect users to credential-harvesting sites. The campaign exploits older router vulnerabilities to create proxy infrastructure targeting government agencies and foreign ministries. It represents a sophisticated blend of traditional techniques and advanced tools, including AI language models, for espionage operations.
Background
APT28 (also known as Fancy Bear or Forest Blizzard) is a Russian state-sponsored hacking group that has been active for over two decades, known for targeting government and military organizations worldwide. Consumer routers are often targeted because they typically receive less security attention than enterprise equipment.
- Source: Ars Technica
- Published: Apr 8, 2026 at 07:00 PM
- Score: 9.0 / 10