DMR News

Russian Hackers Hijack Thousands Of Routers To Steal Credentials Globally

By Jolyen

Apr 8, 2026

A Russian state-linked hacking group has compromised thousands of home and small business routers worldwide, redirecting internet traffic to steal passwords and access tokens, according to cybersecurity researchers and government agencies.

Fancy Bear Targets Routers Using Known Vulnerabilities

The group, known as Fancy Bear, has a history of cyber-espionage operations and is widely believed to be linked to Russia’s GRU intelligence agency. The campaign targeted unpatched routers manufactured by MikroTik and TP-Link.

The National Cyber Security Centre and Black Lotus Labs said the attackers exploited previously disclosed vulnerabilities in devices running outdated software.

Compromised Devices Used To Intercept Internet Traffic

Researchers said the attackers modified router settings to reroute victims’ internet traffic through infrastructure controlled by the hackers. This allowed them to redirect users to spoofed websites designed to capture login credentials.

By obtaining passwords and access tokens, the attackers could gain access to online accounts without requiring two-factor authentication codes.

The campaign enabled long-term surveillance of affected users, often without their knowledge.

Global Impact Spans Governments And Consumer Devices

Black Lotus Labs estimated that at least 18,000 victims across around 120 countries were affected, including government agencies, law enforcement organizations, and email providers in regions such as North Africa, Central America, and Southeast Asia.

Microsoft said its researchers identified more than 200 organizations and 5,000 consumer devices impacted, including several government entities in Africa.

The NCSC said the campaign appears to be opportunistic, with attackers initially targeting a broad range of devices before focusing on specific intelligence targets.

Authorities Disrupt Infrastructure Behind Campaign

The Federal Bureau of Investigation is expected to announce the seizure of domains used in the operation. Black Lotus Labs said it worked with partners, including the FBI, to disrupt the botnet infrastructure and take it offline.

