The UK's National Cyber Security Centre (NCSC) has warned that Russian hackers are exploiting commonly sold internet routers to harvest information for espionage purposes. The attacks, attributed to the group APT28 (also known as Fancy Bear), are believed to be linked to Russian intelligence services.
According to the NCSC, the operations are opportunistic, targeting a wide pool of victims and filtering down to those of potential intelligence value. Alan Woodward, a professor at the University of Surrey, explained that compromised routers could redirect users to fake sites, steal credentials, and allow attackers to access other devices on the network, such as phones and PCs.
The warning follows a pattern of cyber-actors targeting edge devices like routers and security cameras, which often act as weak points in home and small business networks. Woodward emphasised the importance of keeping routers updated and monitoring for unusual activity, as many devices are neglected after initial setup.
APT28 was previously linked to cyber-attacks on the German parliament in 2015, where large amounts of data were stolen. The NCSC stated the group is 'almost certainly' connected to Russian intelligence. The US recently banned the sale of foreign-made consumer routers, citing national security risks, though experts note that existing vulnerable routers remain a significant concern.
