A Russian state-sponsored hacking group, known as APT28 or Fancy Bear, has been compromising home and small office routers to intercept user traffic. By altering the DNS settings of these routers, the group redirects internet traffic through its own servers, enabling it to spy on users. This campaign, uncovered by British security officials, highlights the threat of state-aligned cyber espionage to individual users and small organizations. The technical details of these attacks, outlined in a Microsoft blog, reveal a sophisticated operation that exploits vulnerabilities in SOHO routers [1]. The implications of this campaign are significant: it shifts the threat model from traditional cybercrime to geopolitical espionage, which requires a different approach to mitigation and defense. This development matters to cybersecurity practitioners because it underscores the need to reevaluate threat assessments and response strategies to account for state-sponsored hacking groups.
Russian hacking group targets home and small office routers to spy on users
⚡ High Priority
Why This Matters
State-aligned activity involving APT28 shifts the threat model from criminal to geopolitical — different playbook required.
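The summary above describes the mechanism (router DNS settings rewritten so queries go through attacker-controlled resolvers) but not how a defender would notice it. The following added example, which is not code from the Malwarebytes article or from Microsoft, shows two offline checks a small office could script: whether the resolvers a router hands out are ones you actually expect, and whether the configured resolver returns answers that disagree with a trusted resolver for the same names. All resolver addresses, domain names and answer tables are constructed sample data, and the two resolver functions are injected so the check runs without network access.

```python
"""Offline check for indicators of router-level DNS hijacking.

Added example, not from the Malwarebytes article. Two signals a defender
can look for once a router's DNS settings may have been altered:
  1. The DNS resolvers handed out by the router are not ones you expect.
  2. The configured resolver returns different answers than a trusted
     resolver for the same names (queries being steered elsewhere).
All inputs below are constructed sample data; the resolver functions are
injected so the check runs offline and can be swapped for real lookups.
"""
import ipaddress
from typing import Callable, Dict, Iterable, List, Set

Resolver = Callable[[str], Set[str]]  # name -> set of A-record IPs

# Resolvers you expect your router to hand out (constructed example values;
# 192.0.2.0/24 is a documentation range standing in for an ISP resolver).
EXPECTED_RESOLVERS = {
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("1.1.1.1/32"),
    ipaddress.ip_network("9.9.9.9/32"),
}


def unexpected_resolvers(configured: Iterable[str]) -> List[str]:
    """Return configured resolver IPs that fall outside the expected set."""
    flagged = []
    for raw in configured:
        ip = ipaddress.ip_address(raw.strip())
        if not any(ip in net for net in EXPECTED_RESOLVERS):
            flagged.append(str(ip))
    return flagged


def divergent_answers(names: Iterable[str], configured: Resolver,
                      trusted: Resolver) -> Dict[str, Dict[str, Set[str]]]:
    """Names for which the configured resolver disagrees with a trusted one.

    CDN-backed names legitimately vary by region, so a partial overlap is
    treated as fine; no overlap at all is the case worth investigating,
    especially when many names resolve to the same unrelated address.
    """
    diverging: Dict[str, Dict[str, Set[str]]] = {}
    for name in names:
        a, b = configured(name), trusted(name)
        if a.isdisjoint(b):
            diverging[name] = {"configured": a, "trusted": b}
    return diverging


def hijack_suspected(configured_resolvers: Iterable[str], names: Iterable[str],
                     configured: Resolver, trusted: Resolver) -> bool:
    """True if either indicator fires; both are leads, not proof."""
    return bool(unexpected_resolvers(configured_resolvers)) or bool(
        divergent_answers(names, configured, trusted))


# --- constructed sample data (no real infrastructure is contacted) ---
SAMPLE_CONFIGURED_RESOLVERS = ["192.0.2.53", "203.0.113.7"]  # second is unexpected

_TRUSTED_TABLE = {
    "mail.example.com": {"198.51.100.10"},
    "bank.example.net": {"198.51.100.20"},
    "cdn.example.org": {"198.51.100.30", "198.51.100.31"},
}
# The "configured" resolver steers two names to one unrelated address.
_CONFIGURED_TABLE = {
    "mail.example.com": {"203.0.113.9"},
    "bank.example.net": {"203.0.113.9"},
    "cdn.example.org": {"198.51.100.31"},  # partial overlap: not flagged
}


def sample_trusted(name: str) -> Set[str]:
    """Stand-in for a lookup against a resolver you trust (constructed)."""
    return set(_TRUSTED_TABLE.get(name, set()))


def sample_configured(name: str) -> Set[str]:
    """Stand-in for a lookup against the router-assigned resolver (constructed)."""
    return set(_CONFIGURED_TABLE.get(name, set()))


if __name__ == "__main__":
    print("unexpected resolvers:", unexpected_resolvers(SAMPLE_CONFIGURED_RESOLVERS))
    print("divergent answers:",
          divergent_answers(_TRUSTED_TABLE, sample_configured, sample_trusted))
```

To use this against a real network, replace `sample_configured` with a lookup that sends queries to the resolver the router advertised over DHCP and `sample_trusted` with a lookup over an encrypted channel (DoH or DoT) to a resolver you chose yourself; the comparison logic stays the same. Because the attack described on this page lives in the router, the most reliable place to read the "configured" resolver list is the router's own DHCP/DNS configuration page rather than the client's cached settings.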
References
- Malwarebytes Labs. (2026, April 8). Russian state-sponsored hackers hijack home and small office routers for espionage. *Malwarebytes*. https://www.malwarebytes.com/blog/news/2026/04/russian-state-sponsored-hackers-hijack-home-and-small-office-routers-for-espionage
Original Source
Malwarebytes Labs