Thousands of consumer routers hacked by Russia's military

Russia's military has hacked thousands of consumer routers, primarily from MikroTik and TP-Link, in a widespread operation spanning 120 countries. The compromised routers were used by APT28, a threat group linked to Russia's GRU military intelligence agency, to harvest passwords and credential tokens for espionage campaigns. APT28, also known as Pawn Storm, Sofacy Group, and others, has a history of high-profile hacks targeting governments globally. The attackers exploited unpatched security vulnerabilities in older router models to change DNS settings and intercept connections to specific domains, including Microsoft's 365 service. The group's use of sophisticated techniques and willingness to revisit classic attack methods poses an ongoing risk to organizations worldwide.