Russian Hackers Target Routers to Steal Sensitive Data
Severity: Critical (Score: 80.0)
Sources: Keystonelaw, Zdnet
Summary
The FBI and NSA issued warnings about Russian hackers exploiting vulnerabilities in routers, particularly targeting SOHO devices. The GRU's APT28 group is involved in stealing sensitive information, including passwords and authentication tokens, from compromised routers. Affected devices include older TP-Link routers, which have reached end-of-life status and are no longer supported. Microsoft identified over 200 organizations and 5,000 consumer devices impacted by these attacks. The vulnerabilities allow attackers to hijack routers and conduct malicious operations, posing risks to both individuals and businesses. Users are advised to change default passwords, update firmware, and consider security protocols. The situation highlights the importance of maintaining router security and being vigilant against cyber threats.
Key Points
- Russian hackers are exploiting vulnerabilities in routers to steal sensitive data.
- Over 200 organizations and 5,000 devices have been affected by these attacks.
- Users should change default passwords and update router firmware to enhance security.
Key Entities
- APT28 (apt_group)
- Fancy Bear (apt_group)
- Forest Blizzard (apt_group)
- Data Breach (attack_type)
- Malware (attack_type)
- TP-Link (company)
- China (country)
- Russia (country)
- CVE-2023-50224 (cve)
- keystonelaw.co.uk (domain)
- T1003 - OS Credential Dumping (mitre_attack)
- T1021 - Remote Services (mitre_attack)
- T1071.004 - DNS (mitre_attack)