Fancy Bear (APT28) Hijacks Thousands of Home Routers in Global Password Theft Campaign
Russian state-linked hackers have seized control of thousands of home routers worldwide, using them as a covert platform to steal passwords and authentication tokens. The operation, attributed to the group known as Fancy Bear or APT28, represents a significant escalation in cyber espionage tactics, moving beyond traditional enterprise targets to exploit the often poorly secured devices in private homes.
The campaign, detailed in a new report, reveals that the hackers are not just passively monitoring traffic but actively compromising routers to harvest credentials. This method provides a stealthy vantage point, allowing the group to intercept sensitive data from unsuspecting users before it reaches encrypted services. The scale is notable, involving 'thousands' of devices, indicating a broad, systematic effort rather than a targeted attack.
The implications extend beyond individual privacy. Compromised routers can be used to launch further attacks, mask the origin of espionage activities, and create a resilient botnet for future operations. This incident underscores the persistent threat posed by state-sponsored groups to global digital infrastructure and highlights the critical security vulnerabilities in consumer-grade networking equipment that many individuals and even small businesses rely on.