
Russia Hacked Routers to Steal Microsoft Office Tokens

EXCLUSIVE: RUSSIAN SPIES HIJACK 18,000 ROUTERS IN GLOBAL TOKEN HEIST

A massive, state-sponsored cyber-espionage campaign has turned thousands of ordinary office routers into silent data-siphoning weapons. Security experts warn that hackers linked to Russia's GRU military intelligence have successfully exploited known vulnerabilities in outdated hardware to steal Microsoft Office authentication tokens from over 18,000 networks globally. This isn't a complex malware deployment; it's a devastatingly simple data breach executed by redirecting internet traffic at its core.

Dubbed "Forest Blizzard"—also known as APT28 or Fancy Bear—this group is the same unit that infiltrated the U.S. Democratic Party in 2016. Their latest operation avoided sophisticated zero-day exploits, instead targeting end-of-life routers from brands like MikroTik and TP-Link that were far behind on critical security patches. By hijacking the Domain Name System (DNS) settings on these devices, the hackers silently redirected users to servers they controlled, harvesting credentials without a single piece of ransomware or malicious code installed on the victim's computer.

"This campaign reveals a dangerous shift towards infrastructure-level attacks," explained a senior cybersecurity analyst familiar with the investigation. "They didn't need a phishing email or a new exploit. They weaponized negligence, turning unpatched vulnerabilities in common hardware into a global surveillance dragnet." The primary targets included government agencies, foreign ministries, and law enforcement bodies across multiple continents.

This incident is a wake-up call for every organization. Your strongest crypto wallet or most robust blockchain security means nothing if the router in your lobby is a decade old and unmanaged. This GRU-led operation proves that foundational network hygiene is the first and most critical line of defense. The threat isn't always a flashy new malware strain; sometimes, it's the forgotten device in the closet running code from 2015.
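
One way to audit for the router DNS-setting change described above, as an added example that is not part of the original article: it parses a RouterOS-style configuration export and flags every DNS server that falls outside an approved list. The sample export, its addresses and the approved list are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample of a RouterOS-style export; addresses are private or
# documentation ranges and are not taken from the article.
SAMPLE_EXPORT = """\
/ip dns
set allow-remote-requests=yes servers=10.0.0.53,203.0.113.66
/ip dhcp-server network
add address=192.168.88.0/24 dns-server=192.168.88.1 gateway=192.168.88.1
add address=192.168.99.0/24 dns-server=198.51.100.7,not-an-ip \\
    gateway=192.168.99.1
"""
# Assumption: the resolvers this organization has approved.
APPROVED = [ipaddress.ip_network(n) for n in ("10.0.0.53/32", "192.168.88.1/32")]
# Export section -> parameter that carries resolver addresses.
DNS_KEYS = {"/ip dns": "servers", "/ip dhcp-server network": "dns-server"}


def logical_lines(text):
    """Join export lines that end in a backslash continuation."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            buf += line[:-1]
        else:
            yield buf + line
            buf = ""


def audit_dns(export_text, approved=APPROVED):
    """Return (section, value, reason) for each resolver that is not approved."""
    findings, section = [], None
    for line in logical_lines(export_text):
        if line.startswith("/"):
            section = line
            continue
        key = DNS_KEYS.get(section)
        m = re.search(rf"(?:^|\s){key}=(\S+)", line) if key else None
        for value in m.group(1).split(",") if m else []:
            try:
                addr = ipaddress.ip_address(value)
            except ValueError:
                findings.append((section, value, "unparseable"))
                continue
            if not any(addr in net for net in approved):
                findings.append((section, value, "not approved"))
    return findings
```

Run against exports collected on a schedule, a new finding on a device whose configuration nobody changed is the signal to investigate.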

We predict a brutal surge in copycat attacks targeting the millions of obsolete routers still connected worldwide. The playbook is now public: find old hardware, exploit known flaws, and harvest everything.

Your network is only as strong as its weakest link—and that link might be a $50 router you forgot existed.
