A group of Russian government hackers, known as Fancy Bear or APT 28, has taken control of thousands of home and small business routers globally in order to redirect internet traffic and steal passwords and access tokens. This recent operation was highlighted by security researchers and government authorities on Tuesday.
Fancy Bear has a notorious history of high-profile cyberattacks, including the breach of the Democratic National Committee in 2016 and the significant assault on satellite provider Viasat in 2022. This group is believed to be linked to the Russian military intelligence agency, GRU.
According to the U.K.’s National Cyber Security Centre (NCSC) and Lumen’s Black Lotus Labs, the hackers specifically targeted unpatched routers made by MikroTik and TP-Link, exploiting known vulnerabilities. Many compromised routers were found to be using outdated software, leaving their owners oblivious to the ongoing remote attacks.
The NCSC noted that the group’s approach appears to be opportunistic, casting a wide net to identify potential targets before focusing on those of greater intelligence interest. The hackers altered router settings to redirect the victims’ internet traffic to malicious servers under their control. This enabled the hackers to lead victims to counterfeit websites and capture their login credentials, bypassing the need for two-factor authentication.
This campaign is believed to have affected around 18,000 victims across 120 countries, targeting a diverse range of entities, including government agencies, law enforcement bodies, and email providers, particularly in North Africa, Central America, and Southeast Asia.
In a separate revelation, Microsoft reported that more than 200 organisations and over 5,000 consumer devices were impacted, including at least three governmental agencies in Africa. The FBI is anticipated to announce the seizure of multiple domains used in these operations and, in collaboration with Lumen, has successfully disrupted the associated botnet.
A spokesperson for the FBI has yet to respond to inquiries regarding this matter.


