Warning from UK: Russian cybercriminals hijack routers to steal passwords
Cybercriminals linked to the Russian government are hijacking common internet routers to steal passwords for email accounts and other online services. Great Britain's National Cyber Security Centre (NCSC) warns of this in a study published on Tuesday.
The British cybersecurity experts announced that suspected Russian attackers are gaining access to routers from manufacturers such as MikroTik and TP-Link to redirect outgoing internet traffic through servers they control. Those affected are at risk of credential theft, data manipulation, and broader security vulnerabilities.
The NCSC holds the group known as Advanced Persistent Threat 28 (APT28) responsible. The group is also known as Forest Blizzard, Fancy Bear, STRONTIUM, the Sednit Gang, and Sofacy. “We assess that APT28 is almost certainly the Russian General Staff Main Intelligence Directorate (GRU) (...)”, the study states. The group is also allegedly responsible for several cyberattacks in Germany, including in 2024 against the German Air Traffic Control and last year against the German Bundestag. In its study, the NCSC also attributes cyberattacks on the German Bundestag in 2015 to the group, including data theft and the disruption of email accounts of members of the Bundestag and the Vice-Chancellor.
Thousands of potential victims
NCSC operations director Paul Chichester told the news agency Bloomberg that the now publicly disclosed attacks on internet routers show that vulnerabilities in common routers can be exploited by sophisticated attackers.
Bloomberg also reported on research findings on the router attacks by APT28, also published on Tuesday by Black Lotus Labs of IT security provider Lumen Technologies. According to these findings, the researchers identified thousands of potential victims from at least 120 countries that were communicating with the cybercriminals' infrastructure. “These attacks primarily targeted government agencies, including foreign ministries, law enforcement agencies, and third-party email service providers,” the report, seen by Bloomberg, states.
The vulnerability of internet routers to cyberattacks has recently come into sharper focus. In a widely noted move at the end of March, the US regulatory authority Federal Communications Commission (FCC) banned the sale of new routers for the consumer market if they are not manufactured in the USA. The authority justified the comprehensive ban with national security concerns.
(akn)