Hackers linked to the government of Russia, believed to be part of the well-known group Fancy Bear, have infiltrated thousands of internet routers used in homes and businesses across the globe.
Previous Cyberattacks Linked to Fancy Bear
The group is notorious for carrying out major cyberattacks, including the 2016 breach in the United States, where it accessed confidential data from the Democratic Party, as well as a destructive attack on the satellite communications provider Viasat in 2022.
Method of Attack on Internet Routers
Recently, the hackers targeted routers running outdated software worldwide. They secretly altered the configuration of these devices to redirect users’ internet traffic, enabling them to send victims to fake websites and steal passwords and security tokens.
This allowed the attackers to gain access to user accounts without needing secondary authentication codes typically sent to phones or other devices.
Scale of the Cyberattack Impact
Researchers found that at least 18,000 users in around 120 countries were affected by the attacks.
Microsoft also reported that more than 200 organizations and 5,000 customer devices were impacted, including at least three government institutions in Africa.
Response, Attribution, and Investigation Findings
To counter the attacks, a coalition of U.S. technology companies and government agencies—including the Federal Bureau of Investigation and the United States Department of Justice—took action to dismantle the network used by the hackers.
The U.S. government also obtained a court order allowing it to access and send specialized commands to affected routers within the United States, restoring them to their normal settings and preventing further exploitation.
A coalition of government cybersecurity agencies and independent researchers has identified these hackers and confirmed that they operate on behalf of Russia.
Organizations that issued alerts about the attacks include the National Cyber Security Centre in the United Kingdom and Black Lotus Labs.
Microsoft’s security researchers also investigated the attacks and later published detailed findings.
By analyzing digital evidence, tools, and techniques used in the attacks, cybersecurity experts and government agencies concluded that they closely match those associated with Fancy Bear, also known as APT28.
International intelligence agencies and cybersecurity experts widely believe that Fancy Bear is a state-sponsored group operating under the GRU, Russia’s military intelligence service.












































