Russian government hackers allegedly broke into thousands of home routers to steal passwords

What happened
A long-running Russian hacking group, Fancy Bear (also known as APT28), has reportedly hijacked thousands of home and small-business routers to siphon passwords and access tokens. Security outfits including Lumen's Black Lotus Labs and the U.K.'s NCSC say the campaign abused known vulnerabilities in MikroTik and TP-Link devices, changing router settings so that victims' web traffic was silently routed through infrastructure controlled by the attackers. The technique let the hackers push users to spoofed sites and steal credentials in a way that defeated two-factor authentication. Fancy Bear is widely believed to be tied to Russia's GRU and has a reported track record stretching from the DNC breach to the destructive Viasat attack.
Scope and response
Black Lotus Labs reportedly counts at least 18,000 victims in about 120 countries, spanning government departments, law enforcement and email providers across North Africa, Central America and Southeast Asia. Microsoft reported over 200 affected organizations and some 5,000 consumer devices; the U.K. NCSC described the operations as likely opportunistic, casting a wide net before zeroing in on targets of intelligence interest. Lumen and partners, including the FBI, say they disrupted the botnet and took domains offline; a formal FBI announcement is expected, and a bureau spokesperson did not respond to requests for comment prior to publication.
Why it matters — and what to do
There's a bruise here that's more than techy discomfort; it's personal. Your router is the unsung gatekeeper of your digital life, and outdated firmware and default settings make it an easy door in. Want to avoid being the next headline? Patch firmware, change default passwords, enable automatic updates where available, and consider a factory reset if your device is old and unpatched. If you run critical services, lean on your IT team or ISP. This is the latest chapter in a familiar story: badly maintained internet-of-things devices keep getting weaponized. Aren't we due for a little more care where our home networks are concerned?
Sources: techcrunch