{"id":519600,"date":"2026-04-08T13:38:08","date_gmt":"2026-04-08T13:38:08","guid":{"rendered":"https:\/\/www.newsbeep.com\/uk\/519600\/"},"modified":"2026-04-08T13:38:08","modified_gmt":"2026-04-08T13:38:08","slug":"britons-warned-about-russian-hackers-targeting-internet-routers-for-espionage-cybercrime","status":"publish","type":"post","link":"https:\/\/www.newsbeep.com\/uk\/519600\/","title":{"rendered":"Britons warned about Russian hackers targeting internet routers for espionage | Cybercrime"},"content":{"rendered":"<p class=\"dcr-130mj7b\">Russian hackers are exploiting commonly sold internet routers to harvest information for espionage purposes, the UK\u2019s cybersecurity agency has said.<\/p>\n<p class=\"dcr-130mj7b\">The hack could allow attackers to obtain users\u2019 credentials, redirect them to fake sites, and potentially access other devices on their home network such as phones and PCs, said Alan Woodward, a professor at the University of Surrey.<\/p>\n<p class=\"dcr-130mj7b\">The National Cyber Security Centre <a href=\"https:\/\/www.ncsc.gov.uk\/news\/apt28-exploit-routers-to-enable-dns-hijacking-operations\" data-link-name=\"in body link\" rel=\"nofollow noopener\" target=\"_blank\">said on Tuesday<\/a> the operations were \u201cbelieved to be opportunistic in nature, with the actor targeting a wide pool of victims and then likely filtering down for users of potential intelligence value at each stage of the exploitation chain\u201d.<\/p>\n<p class=\"dcr-130mj7b\">It follows a common pattern of cyber-actors targeting edge devices \u2013 hardware such as internet routers or internet-connected security cameras \u2013 that act as a bridge between users and the cloud.<\/p>\n<p class=\"dcr-130mj7b\">Woodward said: \u201cIt\u2019s not the first time that warnings have come out about routers. The main thing to say is that these so-called edge devices are quite often forgotten about, and they can become a weak point.\u201d<\/p>\n<p class=\"dcr-130mj7b\">If attackers successfully attacked a router, he said, they could \u201ctake you to fake sites. You might think you\u2019re going to your bank, but they take you somewhere else.<\/p>\n<p class=\"dcr-130mj7b\">\u201cThey can establish themselves on your network, move around your network, and see if the devices on your network \u2013 your PC, your phone \u2013 have any vulnerabilities.\u201d<\/p>\n<p class=\"dcr-130mj7b\">The group behind the attacks was probably APT28 or Fancy Bear, wrote the NCSC, which was \u201calmost certainly\u201d linked to Russian intelligence services.<\/p>\n<p class=\"dcr-130mj7b\">APT28 was also behind cyber-attacks on the German parliament <a href=\"https:\/\/www.theguardian.com\/world\/2015\/jan\/07\/pro-russian-group-cyber-attack-german-government-websites-angela-merkel-ukraine-prime-minister\" data-link-name=\"in body link\" rel=\"nofollow noopener\" target=\"_blank\">in 2015<\/a>, in which large amounts of data were stolen, including confidential emails and the schedules of German MPs.<\/p>\n<p class=\"dcr-130mj7b\">\u201cWe don\u2019t tend to know a lot about them. The suspicion is they\u2019re working on behalf of the Russian state, but no one knows for definite, because often nation-state attacks are done through criminal groups,\u201d said Woodward.<\/p>\n<p class=\"dcr-130mj7b\">The US has recently banned the sale of all consumer-grade internet routers made outside of the country, with <a href=\"https:\/\/docs.fcc.gov\/public\/attachments\/DOC-420034A1.pdf\" data-link-name=\"in body link\" rel=\"nofollow noopener\" target=\"_blank\">the Federal Communications Commission saying<\/a> they \u201cpose unacceptable risks to the national security of the United States\u201d.<\/p>\n<p class=\"dcr-130mj7b\">\u201cMalicious actors have exploited security gaps in foreign-made routers to attack American households, disrupt networks, enable espionage, and facilitate intellectual property theft,\u201d it said, saying that foreign-made routers had been involved in several recent cyberattacks targeting US infrastructure.<\/p>\n<p class=\"dcr-130mj7b\">As almost all internet routers are made in China or Taiwan, this stands to severely affect a number of US hardware makers. An exception to this is Elon Musk\u2019s Starlink, which manufactures all its devices in Texas.<\/p>\n<p class=\"dcr-130mj7b\">Privacy experts have said this outright ban will not fully address vulnerabilities in existing internet routers, and that a more significant problem may be that internet routers currently in use are at the end of their lives and no longer receiving security updates.<\/p>\n<p class=\"dcr-130mj7b\">Woodward said the NCSC\u2019s warning was an indication that small businesses and individuals should keep their routers updated. \u201cIf you\u2019re a small business, you should look out for unusual activities on your network. A lot of routers are just forgotten about.\u201d<\/p>\n<p class=\"dcr-130mj7b\">One of the largest cyberattacks in history, in which hackers stole $80m from Bangladesh\u2019s central bank in 2016, happened because the bank used cheap, secondhand internet routers that were accessible from the broader internet.<\/p>\n<p class=\"dcr-130mj7b\">Hackers were able to access the router, then the core network of the central bank, from there transferring its cash to accounts in the Philippines. It is <a href=\"https:\/\/cyber.uk\/areas-of-cyber-security\/cyber-security-threat-groups-2\/nation-state-hackers-case-study-bangladesh-bank-heist\/\" data-link-name=\"in body link\" rel=\"nofollow noopener\" target=\"_blank\">believed<\/a> that a state-linked North Korean hacking group was behind the attack.<\/p>\n<p class=\"dcr-130mj7b\">Woodward said: \u201cIt\u2019s the classic way that people probe, and it\u2019s almost bound to happen again.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"Russian hackers are exploiting commonly sold internet routers to harvest information for espionage purposes, the UK\u2019s cybersecurity agency&hellip;\n","protected":false},"author":2,"featured_media":519601,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[49,50,51,47,52,48],"class_list":{"0":"post-519600","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-headlines","8":"tag-headlines","9":"tag-news","10":"tag-top-news","11":"tag-top-stories","12":"tag-topnews","13":"tag-topstories"},"_links":{"self":[{"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/posts\/519600","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/comments?post=519600"}],"version-history":[{"count":0,"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/posts\/519600\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/media\/519601"}],"wp:attachment":[{"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/media?parent=519600"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/categories?post=519600"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/tags?post=519600"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}