A cyber espionage group linked to the Russian government has compromised thousands of residential internet routers to harvest passwords and authentication tokens. The operation, attributed to Fancy Bear (also known as APT28), marks a shift in tactics by targeting consumer devices rather than corporate networks.
According to cybersecurity researchers, the hackers exploited vulnerabilities in widely used router models. They installed custom malware that intercepted unencrypted traffic and captured login credentials for email, banking, and social media accounts. The compromised devices included models from major manufacturers, suggesting a broad campaign rather than a targeted attack.
The operation was first detected in early 2026 by a coalition of cybersecurity firms. Investigators found that the malware remained dormant for weeks before activating, making detection difficult. This stealth approach allowed the hackers to gather credentials over months without raising alarms.
Russian officials have not responded to requests for comment. Cybersecurity experts say the attack highlights the risks of using outdated or unpatched home devices. They recommend updating firmware regularly and disabling remote administration features to reduce exposure.
Source: techcrunch.com