Hackers from the GRU-linked Fancy Bear group are infiltrating routers to steal passwords from government agencies

The Russian military intelligence-linked cyber group APT28 (Fancy Bear) is hacking routers made by popular manufacturers in order to steal passwords to mailboxes and other online services, Bloomberg reports, citing the UK's National Cyber Security Centre. According to the British agency, APT28 operates in the interests of Russia's military intelligence service, the GRU.

British cybersecurity experts have observed that alleged Russian threat actors are targeting routers manufactured by MikroTik and TP-Link. Once they gain access to the devices, the hackers modify their settings so that outgoing internet traffic is routed through servers under their control. Attacks of this kind put victims at risk of credential theft, data manipulation, and broader system compromise, the NCSC warning states.

Paul Chichester, the center’s chief operating officer, said the malicious activity clearly demonstrates that vulnerabilities in widely used network devices can be exploited by hostile actors. Alongside the NCSC publication, the U.S. company Lumen Technologies released its own study of APT28’s router-hacking campaign. Experts identified thousands of potential victims residing in at least 120 countries. The report states:

“These operations primarily targeted government agencies — including ministries of foreign affairs, law enforcement and third-party email providers.”

As Bloomberg reports, last month the U.S. Federal Communications Commission banned the sale of new foreign-made consumer routers in the country, calling them a “supply-chain vulnerability” that could pose a “severe cybersecurity risk that could be leveraged to immediately and severely disrupt U.S. critical infrastructure and directly harm U.S. persons.”

Last year, France accused GRU hackers from the APT28 group of attacks on its critical infrastructure, as detailed in the CERT-FR report covering 2021 to 2024. It was established that the group is linked to GRU unit 26165 — information later confirmed by the U.S. Department of Justice, which filed official charges against its members.
