AI Against Humanity
Security 📅 April 8, 2026

Thousands of consumer routers hacked by Russia's military

The article reveals a large-scale hacking operation by the Russian military targeting consumer routers worldwide. It emphasizes the vulnerabilities of outdated technology and the implications for cybersecurity.

Researchers from Lumen Technologies’ Black Lotus Labs have revealed that the Russian military's advanced threat group APT28 has hacked thousands of consumer routers, primarily from MikroTik and TP-Link, across 120 countries. This operation, which began in May 2025, exploits outdated router models lacking necessary security patches, allowing attackers to manipulate DNS settings and redirect users to malicious sites that harvest sensitive data, including passwords and OAuth tokens. The scale of the attack is significant, with over 290,000 distinct IP addresses querying a malicious DNS resolver, often without users' knowledge. Many were only alerted by browser warnings about untrusted connections, which were frequently ignored. APT28 employs sophisticated tactics, including adversary-in-the-middle techniques and advanced tools like the large language model 'LAMEHUG', to enhance its cyber espionage efforts. This campaign underscores the vulnerabilities of end-of-life technology and the critical need for robust cybersecurity measures to protect against state-sponsored hacking, highlighting the ongoing risks posed by AI in facilitating such sophisticated cyber threats.

Why This Matters

This article highlights the significant cybersecurity risks posed by state-sponsored hacking, particularly through the exploitation of outdated technology. The widespread nature of the attack affects individuals and organizations globally, emphasizing the need for vigilance in cybersecurity practices. Understanding these risks is crucial for developing effective defenses against similar threats in the future.

Original Source

Thousands of consumer routers hacked by Russia's military

Read the original source at arstechnica.com ↗
