Russian military intelligence group Fancy Bear, linked to the GRU, conducted a multi-year campaign hacking home and small business routers across dozens of countries.

- Figure 1 -

The hackers exploited known vulnerabilities in MikroTik and TP-Link routers, redirecting internet traffic to fake sites to steal login credentials and bypass two-factor authentication.

Targets included government departments, law enforcement, and email providers in North Africa, Central America, and Southeast Asia.

The operation was uncovered and disrupted by an international coalition including the FBI and DOJ. A court order enabled the FBI to reset compromised routers in the U.S. and collect evidence.

The incident highlights how outdated consumer router firmware creates systemic vulnerabilities. These devices, often unpatched and unmonitored, act as a global backdoor for state-level espionage.

- Figure 2 -