Russian government hackers broke into thousands of home routers to steal passwords

A graphic depiction of an open laptop overlaying Red Square in Moscow and the logo of Russia's foreign intelligence service SVR. Image Credits: Bryce Durbin / TechCrunch

10:01 AM PDT · April 7, 2026

A group of Russian government hackers have hijacked thousands of home and small business routers around the world as part of an ongoing campaign aimed at redirecting victims' internet traffic to steal their passwords and access tokens, security researchers and government authorities warned on Tuesday.

This is the latest tactic by the long-running Russian hacking group known as Fancy Bear, or APT 28, known for its high-profile hacks and spying operations, including the breach of the Democratic National Committee in 2016 and the destructive hack that hit satellite provider Viasat in 2022. Fancy Bear is widely believed to be part of Russia’s intelligence agency GRU.

The hacking group targeted unpatched routers made by MikroTik and TP-Link using previously disclosed vulnerabilities, according to the U.K. government’s cybersecurity unit NCSC and Lumen’s research arm Black Lotus Labs, which released new details of the campaign Tuesday.

According to the researchers, the hackers were able to spy on large numbers of people over the course of several years by compromising their routers, many of which run outdated software, leaving them vulnerable to remote attacks without their owners’ knowledge.

The NCSC said that these operations are “likely opportunistic in nature, with the actor casting a wide net to reach many potential victims, before narrowing in on targets of intelligence interest as the attack develops.”

Per the researchers and government advisories, the Russian hackers hacked routers to modify the device’s settings so that the victim’s internet requests are surreptitiously passed to infrastructure run by the hackers. This allows the hackers to redirect victims to spoof websites under their control, then steal passwords and tokens that let the hackers log in to that victim’s online accounts without needing their two-factor authentication codes.

Black Lotus Labs said that Fancy Bear compromised at least 18,000 victims in around 120 countries, including government departments, law enforcement agencies, and email providers across North Africa, Central America, and south-east Asia.

Microsoft, which also released details of the campaign on Tuesday, said in a blog post that its researchers identified over 200 organizations and 5,000 user devices affected by these hacking operations, including at least three government organizations in Africa.

The FBI is expected to announce the takedown of several domains used in this campaign by the hackers. Lumen said it was part of a coalition, including the FBI, that disrupted the botnet and took it offline.

A spokesperson for the FBI did not respond to requests for comment prior to publication.

Lorenzo Franceschi-Bicchierai is a Senior Writer at TechCrunch, where he covers hacking, cybersecurity, surveillance, and privacy.

You can contact or verify outreach from Lorenzo by emailing lorenzo@techcrunch.com, via encrypted message at +1 917 257 1382 on Signal, and @lorenzofb on Keybase/Telegram.