The UK National Cyber Security Centre (NCSC) warned that Russia's GRU military intelligence agency is hijacking home and small office routers. The hacking group APT28, also known as Fancy Bear, is conducting this widespread cyber-espionage campaign. These hackers exploit devices with weak security settings to steal credentials and spy on victims.
The operation targets TP-Link and MikroTik models by exploiting weaknesses such as default passwords. The hackers alter the routers' DNS settings to redirect internet traffic through malicious servers. This enables adversary-in-the-middle attacks that intercept data and steal Microsoft 365 logins.
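A defender-side check for the DNS tampering described above, added here as an example (it is not from the NCSC warning or the original page): it audits the resolvers a client was handed against an allowlist. The allowlist, the sample `resolv.conf` text and every address in it are constructed, using documentation ranges.

```python
import ipaddress

# Assumption: resolvers this network is meant to use (constructed values).
EXPECTED_RESOLVERS = ["192.0.2.53", "2001:db8:53::/48"]
# Addresses that mean "the client is pointed at the router or a local forwarder".
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "fc00::/7", "fe80::/10", "::1/128")]

SAMPLE = """\
# constructed sample, as pushed to a client by DHCP
search home.example
nameserver 192.0.2.53
nameserver 203.0.113.7   # not on the allowlist
nameserver 192.168.1.1
nameserver fe80::1%eth0
nameserver 2001:db8:53::1
nameserver not-an-ip
"""

def parse_nameservers(text):
    """Return nameserver values from resolv.conf-style text, in order."""
    servers = []
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(";", 1)[0].split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers

def classify(address, expected=EXPECTED_RESOLVERS):
    """Label one resolver: expected, local-forwarder, unexpected or invalid."""
    try:
        ip = ipaddress.ip_address(address.split("%", 1)[0])  # drop IPv6 zone id
    except ValueError:
        return "invalid"
    allowed = [ipaddress.ip_network(e, strict=False) for e in expected]
    if any(ip.version == n.version and ip in n for n in allowed):
        return "expected"
    if any(ip.version == n.version and ip in n for n in LOCAL_NETS):
        return "local-forwarder"  # router answers; its upstream DNS needs checking
    return "unexpected"           # public resolver nobody configured on purpose

def audit(text, expected=EXPECTED_RESOLVERS):
    return [(s, classify(s, expected)) for s in parse_nameservers(text)]

if __name__ == "__main__":
    for server, verdict in audit(SAMPLE):
        print(f"{verdict:16} {server}")
```

A `local-forwarder` result only shows that the client points at the router, so the router's own upstream DNS and DHCP DNS fields still have to be compared against the allowlist in its admin interface.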