{"id":318830,"date":"2026-04-15T04:50:02","date_gmt":"2026-04-14T23:20:02","guid":{"rendered":"https:\/\/ebiztoday.news\/?p=318830"},"modified":"2026-04-15T04:50:02","modified_gmt":"2026-04-14T23:20:02","slug":"1000s-of-consumer-routers-hacked-by-russias-military","status":"publish","type":"post","link":"https:\/\/ebiztoday.news\/index.php\/2026\/04\/15\/1000s-of-consumer-routers-hacked-by-russias-military\/","title":{"rendered":"1000&#8217;s of consumer routers hacked by Russia&#8217;s military"},"content":{"rendered":"<div>\n<p>The Russian military is once more hacking home and small office routers in widespread operations that send unwitting users to sites that harvest passwords and credential tokens to be used in espionage campaigns, researchers said Tuesday.<\/p>\n<p>An estimated 18,000 to 40,000 consumer routers, mostly those made by MikroTik and TP-Link, located in 120 countries, were wrangled into infrastructure belonging to APT28, a sophisticated threat group that\u2019s a part of Russia\u2019s military intelligence agency often known as the GRU, researchers from Lumen Technologies\u2019 Black Lotus Labs <a href=\"https:\/\/www.lumen.com\/blog-and-news\/en-us\/frostarmada-forest-blizzard-dns-hijacking\">said<\/a>. The threat group has operated for at least twenty years and is behind dozens of high-profile hacks targeting governments worldwide. APT28 is also tracked under names including Pawn Storm, Sofacy Group, Sednit, Tsar Team, Forest Blizzard, and STRONTIUM.<\/p>\n<h2>Technical sophistication, tried-and-true techniques<\/h2>\n<p>A small number of routers were used as proxies to connect to a much larger number of other routers belonging to foreign ministries, law enforcement, and government agencies that APT28 wanted to spy on. 
The group then used its control of routers to alter DNS lookups for select websites, including, Microsoft <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2026\/04\/07\/soho-router-compromise-leads-to-dns-hijacking-and-adversary-in-the-middle-attacks\/\">said<\/a>, domains for the company\u2019s 365 service.<\/p>\n<p>\u201cKnown for mixing cutting-edge tools reminiscent of the massive language model (LLM) \u2018LAMEHUG\u2019 with proven, longstanding techniques, Forest Blizzard consistently evolves its tactics to remain ahead of defenders,\u201d Black Lotus researchers wrote. \u201cTheir previous and current campaigns highlight both their technological sophistication and their willingness to revisit classic attack methods even after public exposure, underscoring the continuing risk posed by this actor to organizations worldwide.\u201d<\/p>\n<p>To hijack the routers, the attackers exploited older models that hadn\u2019t been patched against known security vulnerabilities. They then modified DNS settings for select domains and used the <a href=\"https:\/\/en.wikipedia.org\/wiki\/Dynamic_Host_Configuration_Protocol\">Dynamic Host Configuration Protocol<\/a> to propagate them to router-connected workstations. When connected devices visited the chosen domains, their connections were proxied through malicious servers before reaching their intended destination.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>The Russian military is once more hacking home and small office routers in widespread operations that send unwitting users to sites that harvest passwords and credential tokens to be used in espionage campaigns, researchers said Tuesday. 
An estimated 18,000 to 40,000 consumer routers, mostly those made by MikroTik and TP-Link, positioned in 120 countries, were [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":318831,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10],"tags":[3556,12897,18256,18198,20803,11088],"class_list":["post-318830","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology","tag-consumer","tag-hacked","tag-military","tag-routers","tag-russias","tag-thousands"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/posts\/318830","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/comments?post=318830"}],"version-history":[{"count":2,"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/posts\/318830\/revisions"}],"predecessor-version":[{"id":318833,"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/posts\/318830\/revisions\/318833"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/media\/318831"}],"wp:attachment":[{"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/media?parent=318830"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/categories?post=318830"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/tags?post=318830"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}