Germany’s Federal Office for the Protection of the Constitution (BfV) warned that Russian state-linked hackers have exploited vulnerabilities in TP-Link routers to gain access to sensitive networks, Reuters reports. The alert was issued in collaboration with Germany’s Federal Intelligence Service and the Federal Bureau of Investigation.
The hacking group, known as APT28 or Fancy Bear, is associated with Russia’s military intelligence agency, the GRU. This group has faced longstanding accusations from Western governments regarding its involvement in various cyber espionage operations.
Authorities reported that thousands of routers were targeted worldwide, including approximately 30 in Germany. Some breaches have been confirmed, prompting operators to replace the impacted devices.
The attacks primarily targeted military, government, and critical infrastructure networks. The BfV highlighted APT28’s previous targeting of Germany’s parliament, the SPD political party, and air traffic control systems.
In 2024, the U.S. Department of Defense issued a warning that Russian cyber actors have been using compromised routers for their operations. According to the advisory, the GRU’s 85th Main Special Service Center, also known as APT28 and Forest Blizzard, has utilized compromised EdgeRouters globally.
These intrusions have enabled the hackers to steal credentials, collect NTLMv2 hashes, and route network traffic, as well as to host spear-phishing pages and custom hacking tools.
Last week, the Federal Communications Commission announced a ban on new foreign-made routers in the U.S., although existing home internet setups remain unaffected as the regulations apply only to new devices.
