Russia's military has compromised thousands of consumer routers worldwide, primarily targeting MikroTik and TP-Link devices, to steal sensitive credentials. The hacking campaign, attributed to APT28, a subgroup of Russia's GRU military intelligence agency, has affected an estimated 18,000 to 40,000 routers across 120 countries. By hijacking these routers, the threat actors redirect unsuspecting users to malicious sites designed to harvest passwords and credential tokens, which are then used to support espionage operations [1]. The scope of the campaign underscores the threat posed by state-aligned actors, whose tactics often differ from those of criminal groups, and that difference in threat model calls for a different approach to mitigation and defense. Nation-state targeting of consumer-grade routers highlights the need for robust security measures on these commonly exploited devices, and practitioners should reevaluate their security protocols accordingly.