The UK's National Cyber Security Centre (NCSC) has warned that Russian hackers are exploiting commonly sold internet routers to gather intelligence. The attacks, attributed to the group APT28 or Fancy Bear, are believed to be linked to Russian intelligence services.
Alan Woodward, a professor at the University of Surrey, explained that compromised routers could allow attackers to steal credentials, redirect users to fake websites, and access other devices on the network, such as phones and PCs. He stressed the importance of staying alert for unusual activity.
The NCSC stated that the operations are opportunistic, targeting a wide pool of victims before filtering for those of potential intelligence value. This follows a pattern of cyber-actors targeting edge devices like routers and security cameras, which often serve as weak points in home and small business networks.
Woodward noted that routers are frequently forgotten and can become vulnerable if not updated. He advised small businesses and individuals to monitor for unusual network activity and keep routers updated to mitigate risks.
The US recently banned the sale of foreign-made consumer routers, citing national security risks. However, experts argue that this does not address vulnerabilities in existing devices, many of which are outdated and no longer receive security updates.
