The UK's NCSC warns that Russian APT28 (Fancy Bear) continues to exploit SOHO router vulnerabilities to hijack DNS and harvest credentials through phishing. The group targets TP-Link, Cisco, and MikroTik devices, redirecting victims to counterfeit service pages. Activity has been tracked since 2021, with routers located in Ukraine believed to be priority targets for military intelligence gathering.
War
Russia's Fancy Bear still attacking routers to boost fake sites, NCSC warns
Russian APT28 exploits SOHO routers from TP-Link, Cisco, and MikroTik to hijack DNS and harvest credentials via phishing, with Ukrainian targets prioritized for military intelligence.
Tuesday, April 7, 2026 12:00 PM UTC | 2 min read | Source: The Register | By sys://pipeline
Tags
war