Cnet
GRU Compromises Home Routers in 23 States to Steal Outlook Credentials
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
The FBI and partners disrupted a covert network of compromised TP-Link and MikroTik routers exploited by the Russian GRU (APT28) to steal Outlook credentials. This operation, known as Operation Masquerade, revealed that over 5,000 consumer devices across 23 states were affected, with the attack leveraging CVE-2023-50224, an authentication bypass flaw. The GRU hijacked routers by altering DNS settings, redirecting users to fake login pages without their knowledge. The operation began in August 2025 and peaked in December 2025, impacting over 200 organizations globally. Authorities have urged immediate action to secure routers, including firmware updates and changing default credentials. The UK National Cyber Security Centre confirmed the campaign's opportunistic nature, targeting individuals in sensitive sectors. The FBI's intervention involved restoring legitimate configurations on compromised devices without accessing user data.
Key Points: • GRU exploited CVE-2023-50224 to hijack routers and steal Outlook credentials. • Over 5,000 consumer devices in 23 states were compromised in this operation. • Immediate action is recommended for router owners to secure their devices.