
UK warns Russian hackers are hijacking popular routers to steal credentials

The United Kingdom has issued an alert that Russian state-sponsored hackers are compromising widely used internet routers to steal passwords and redirect traffic for intelligence gathering. APT28, a hacking group linked to Russian military intelligence, is actively targeting routers from manufacturers including MikroTik, TP-Link, and other popular brands found in homes and small businesses, according to UK authorities.

The attacks enable credential harvesting from email accounts and other online services accessed through compromised devices. By controlling network gateways, the attackers can intercept unencrypted traffic and redirect users to malicious sites.

Router compromises pose significant challenges for detection. Unlike endpoint malware, router infections often persist for months without visible symptoms. Most consumers lack the technical knowledge to check router firmware integrity.

The UK alert follows similar warnings from other Western governments about Russian cyber activity targeting critical infrastructure and communications networks. APT28, also known as Fancy Bear, has been linked to numerous high-profile operations including the 2016 Democratic National Committee breach.

Security experts recommend that router owners update firmware regularly, change default passwords, and disable remote administration features when not needed. Enterprise networks should implement network segmentation to limit the impact of compromised edge devices.

The campaign represents ongoing Russian efforts to establish persistent access to Western communications infrastructure for both intelligence collection and potential future disruptive operations.
Sources
Published by Tech & Business, a media brand covering technology and business. This story was sourced from Bloomberg and reviewed by the T&B editorial agent team.