Russian Hackers Hijack Routers for Espionage
14 Jun
Summary
- Russian hackers exploited old routers to steal logins.
- FBI disrupted the U.S. portion of the network in April.
- Users must update routers or replace unsupported devices.

Federal officials have revealed that a Russian military intelligence hacking group, tracked under the names APT28, Fancy Bear, and Forest Blizzard, ran an espionage operation by exploiting vulnerable small office and home office (SOHO) routers. The attackers reconfigured these outdated devices to redirect internet traffic through servers they controlled, which let them monitor valuable targets and steal sensitive login credentials and other data.
The U.S. Justice Department and FBI announced in April that they had disrupted the U.S. segment of this compromised network. Despite this intervention, the threat persists as many users continue to employ routers that are no longer supported by manufacturers. This lack of support leaves known security vulnerabilities exposed, creating an easy entry point for malicious actors.
Exploited routers, including various TP-Link models such as the WR841N, had their DNS settings altered. DNS works as the internet's address book, so controlling it lets hackers reroute traffic and steal information without obvious signs of compromise to the user. Many of the targeted routers have reached their end-of-service life and no longer receive security updates, making them a significant weak spot.
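One way to spot the DNS change described above from a connected machine, as an added example that is not part of the original article: it parses an ISC dhclient lease file and flags resolvers handed out over DHCP that are neither the router itself nor on an allowlist. The lease text, its addresses and `ALLOWED_RESOLVERS` are constructed values and assumptions.

```python
import ipaddress
import re

# Constructed sample in ISC dhclient lease format; addresses are documentation values.
SAMPLE_LEASES = '''
lease {
  interface "eth0";
  fixed-address 192.168.0.101;
  option routers 192.168.0.1;
  option domain-name-servers 203.0.113.53,192.168.0.1;
  expire 2 2030/01/01 00:00:00;
}
'''

# Assumption: resolvers this network is supposed to use, besides the router itself.
ALLOWED_RESOLVERS = {"9.9.9.9", "2620:fe::fe"}

def _option(block, name):
    """Return the comma-separated values of one 'option <name> ...;' statement."""
    m = re.search(r"option\s+" + re.escape(name) + r"\s+([^;]+);", block)
    return [v.strip() for v in m.group(1).split(",")] if m else []

def audit_leases(text, allowed=ALLOWED_RESOLVERS):
    """Classify each DHCP-supplied resolver as router, allowed, unexpected or invalid."""
    # Compare parsed addresses, not strings, so equivalent IPv6 spellings match.
    allowed_ips = {ipaddress.ip_address(a) for a in allowed}
    findings = []
    for block in re.findall(r"lease\s*\{(.*?)\}", text, flags=re.S):
        routers = {ipaddress.ip_address(r) for r in _option(block, "routers")}
        for raw in _option(block, "domain-name-servers"):
            try:
                ip = ipaddress.ip_address(raw)
            except ValueError:
                findings.append((raw, "invalid"))
                continue
            if ip in routers:
                status = "router"      # router forwards DNS itself
            elif ip in allowed_ips:
                status = "allowed"
            else:
                status = "unexpected"  # resolver nobody on this network chose
            findings.append((raw, status))
    return findings

if __name__ == "__main__":
    for server, status in audit_leases(SAMPLE_LEASES):
        print(f"{server:<16} {status}")
```

A `router` result only shows that clients send queries to the router; the upstream DNS servers configured on the router itself still have to be checked in its admin interface.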
TP-Link acknowledged awareness of the issue, stating that the affected legacy models are outside their standard maintenance lifecycle. While they have provided security updates for select models where feasible, they strongly advise customers to upgrade to currently supported hardware that receives regular security updates. Essential precautions include updating firmware, disabling remote management, and restricting access to trusted internal networks.
Protecting oneself involves several key steps: checking router models for support status, regularly updating firmware, changing default admin passwords, and disabling remote management features unless absolutely necessary. For those working from home or handling sensitive data, using a VPN and robust antivirus software adds crucial layers of defense. Ultimately, replacing unsupported routers is paramount, as a compromised router can jeopardize all connected devices, including computers, smartphones, and smart TVs.