Thousands of consumer routers hacked by Russia’s military
Summary
Ars Technica reports that the Russian military's APT28 hacked thousands of consumer routers in homes and small offices across 120 countries, using DNS hijacking and man-in-the-middle proxies to harvest credentials and tokens. The operation targeted older, unpatched routers (notably MikroTik and TP-Link) and propagated DNS changes via DHCP. Researchers note that the group blends cutting-edge tools (including an LLM-like approach dubbed 'LAMEHUG') with classic attack methods. For SMBs and consumers, the article advises checking router DNS settings, reviewing device logs, and replacing end-of-life devices with models that still receive security updates.
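Because the DNS changes reach clients through DHCP, one client-side check is to compare the resolvers in the latest DHCP lease against what the network is expected to hand out. The following is an added example, not code from the article or from the researchers it cites; it assumes an ISC dhclient-style lease file, treats the gateway address as an expected resolver, and uses a constructed sample with documentation-range addresses.

```python
import ipaddress
import re

# Constructed sample in ISC dhclient lease-file syntax (not from the article).
# Addresses are RFC 1918 and RFC 5737 documentation ranges.
SAMPLE_LEASES = """
lease {
  interface "eth0";
  option routers 192.168.1.1;
  option domain-name-servers 192.168.1.1;
}
lease {
  interface "eth0";
  option routers 192.168.1.1;
  option domain-name-servers 203.0.113.53, 192.168.1.1;
}
"""

LEASE_RE = re.compile(r"lease\s*\{(.*?)\}", re.S)
OPTION_RE = re.compile(r"option\s+(routers|domain-name-servers)\s+([^;]+);")

def parse_leases(text):
    """Return one dict per lease block: {'routers': [...], 'dns': [...]}."""
    leases = []
    for body in LEASE_RE.findall(text):
        opts = {"routers": [], "domain-name-servers": []}
        for name, value in OPTION_RE.findall(body):
            opts[name] = [ipaddress.ip_address(v.strip()) for v in value.split(",")]
        leases.append({"routers": opts["routers"], "dns": opts["domain-name-servers"]})
    return leases

def unexpected_resolvers(lease, allowed):
    """DNS servers in a lease that are neither the gateway nor on the allowlist."""
    allowed = {ipaddress.ip_address(a) for a in allowed}
    return [ip for ip in lease["dns"]
            if ip not in lease["routers"] and ip not in allowed]

def audit(text, allowed=()):
    """Check the most recent lease (dhclient appends, so the last block wins)."""
    leases = parse_leases(text)
    return unexpected_resolvers(leases[-1], allowed) if leases else []

if __name__ == "__main__":
    for ip in audit(SAMPLE_LEASES):
        print(f"unexpected DHCP-supplied resolver: {ip}")
```

A clean result here does not clear the router: if clients are pointed at the router and its upstream DNS setting was altered, the lease looks normal, so the router's own DNS configuration still has to be checked directly.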