UK cybersecurity authorities have warned that Russian hackers are exploiting widely used internet routers to carry out espionage operations, as part of a broader cyber campaign.
Cybersecurity experts warn that the breach could enable attackers to steal users’ login credentials, redirect them to fake websites, and potentially infiltrate other devices connected to home networks, including smartphones and computers.
The UK’s National Cyber Security Centre (NCSC) said on Tuesday that the campaign is “believed to be opportunistic in nature,” with attackers targeting a broad range of victims before narrowing down those with possible intelligence value.
The agency noted that the attacks reflect a growing trend in which cyber actors focus on “edge devices” such as routers and internet-connected security cameras, which often serve as entry points between home networks and the internet.
The NCSC linked the activity to APT28, also known as Fancy Bear, a group widely believed to be associated with Russian intelligence services.
APT28 has previously been accused of major cyber operations, including the 2015 attack on the German parliament, which led to the theft of sensitive data such as confidential emails and parliamentary schedules.
In response to growing concerns, the United States recently moved to ban the sale of consumer-grade internet routers manufactured outside the country, citing national security risks.
The Federal Communications Commission said such devices had been used in cyberattacks targeting American infrastructure, warning that they can enable espionage, network disruption, and intellectual property theft.
The decision could significantly impact global hardware supply chains, as most routers are produced in China or Taiwan, with limited exceptions such as devices manufactured by Elon Musk’s Starlink in the United States.
