A large-scale Russian state-sponsored espionage campaign, attributed to APT28, was recently dismantled after compromising over 18,000 routers across more than 120 countries. The attackers, linked to Russia's Main Intelligence Directorate, exploited known vulnerabilities in TP-Link routers to steal credentials and hijack Domain Name System (DNS) settings. This campaign, known as Operation Masquerade, allowed the threat group to gain deeper access to sensitive networks for espionage purposes. The scale of the operation highlights the significant resources and capabilities of state-sponsored threat actors [1]. That APT28 was able to compromise so many devices underscores the importance of patching known vulnerabilities and implementing robust security measures. This incident matters to cybersecurity practitioners because it demonstrates the shift in threat models from criminal to geopolitical, which requires a different approach to mitigating and responding to such threats.