Russia hacks thousands of consumer routers

Russia's military has compromised an estimated 18,000 to 40,000 consumer routers across 120 countries, primarily targeting older, unpatched MikroTik and TP-Link devices. This sophisticated operation, attributed to the APT28 group, exploits routers to redirect users to malicious sites, harvesting passwords and credential tokens for espionage. The attackers leverage DNS manipulation and proxy services to intercept traffic, even bypassing multi-factor authentication by capturing OAuth tokens after users click through security warnings. This campaign highlights the persistent threat posed by advanced actors blending new techniques, like LLMs, with classic exploitation methods.