Russian Hackers Breach Wi-Fi Routers to Monitor Western Governments

The United States and European security agencies have issued warnings about a hacker organization linked to the Russian government conducting large-scale espionage activities using Wi-Fi routers. By infiltrating these devices, the group is monitoring the governments and militaries of Western countries.

In a joint statement released on Tuesday, intelligence and law enforcement agencies from the U.S., Canada, Ukraine, Germany, Italy, Poland, and other countries expressed concerns that the Russian hacker group known as “Fancy Bear” is conducting large-scale espionage through vulnerable Wi-Fi routers, posing a threat to the security of these countries and their citizens. The hacker group is believed to be a subunit of the Russian military intelligence agency, the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU).

The Security Service of Ukraine (SBU) stated in a release that the group’s hackers bypass security protocols and encryption technologies to collect users’ passwords, authentication tokens, and other sensitive information, including emails.

The United Kingdom’s National Cyber Security Centre (NCSC) has also warned that these hackers are exploiting well-known vulnerabilities in home and office routers to steal sensitive data such as passwords and authorization tokens.

The group can remotely access victims’ devices and redirect internet traffic to fake websites and email services, for example to collect sensitive data from Microsoft Outlook. Connected smartphones and laptops are also more vulnerable to attack.

The NCSC says that this espionage activity has been ongoing since 2024. Paul Chichester, the NCSC’s Operations Director, stated, “This activity demonstrates how sophisticated actors can fully exploit vulnerabilities that exist in widely-used network devices.”

“NCSC will continue to expose Russia’s malicious cyber activities and provide practical guidance to help protect the UK’s networks,” NCSC added.

The hackers appear to be targeting popular TP-Link and MikroTik routers for these espionage activities.

Officials from countries participating in the joint statement released on Tuesday believe that the hacker group utilizes stolen data for network attacks, information disruption, and intelligence gathering, focusing on military, government, and critical infrastructure targets in these countries.

Last month, the U.S. government announced a ban on the import, sale, and marketing of foreign-made internet routers for national security reasons.

The Federal Communications Commission (FCC) of the United States stated, “Malicious actors exploit security vulnerabilities in routers manufactured abroad to attack American households, disrupt networks, enable espionage activities, and facilitate intellectual property theft.”