American law enforcement has dismantled a sprawling Russian cyber operation that secretly commandeered thousands of home and office routers around the world to steal online credentials, officials announced Tuesday.
The U.S. Justice Department said the FBI developed commands sent to compromised routers on U.S. soil, with court approval. Those steps gathered evidence, restored factory settings and blocked hackers from regaining access. This action formed part of a broader coalition effort, including telecom firm Lumen, that shut down domains powering the network.
Security researchers at Lumen’s Black Lotus Labs and Microsoft linked the scheme to Fancy Bear, the notorious GRU-backed group responsible for high-stakes intrusions like the 2016 hack of the Democratic National Committee and the 2022 assault on Viasat’s satellite systems, which disrupted Ukrainian defences.
The hackers targeted vulnerable MikroTik and TP-Link routers running outdated software. They exploited public flaws to tweak DNS configurations, quietly rerouting users’ internet traffic to malicious servers. From there, victims landed on phony websites mimicking legitimate ones, surrendering passwords and login tokens even past two-factor checks.

The UK’s National Cyber Security Centre assessed the campaign as “likely opportunistic in nature, with the actor casting a wide net to reach many potential victims, before narrowing in on targets of intelligence interest as the attack develops.”
Lumen counted more than 18,000 affected devices across 120 countries, striking government agencies, police, and email providers in regions including North Africa, Central America, and Southeast Asia. Microsoft identified over 200 organisations and 5,000 consumer gadgets hit, among them African public bodies.
The FBI provided no comment ahead of publication. Cybersecurity specialists urge immediate patching. MikroTik users need RouterOS 6.49.8 or newer, while TP-Link owners should download the latest firmware. Europol and the U.S. agency CISA highlight how such small-scale devices fuel major espionage, especially in tense global climates.
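For administrators acting on that advice, the following added example (not code from the FBI, Lumen, Microsoft or MikroTik) audits a router inventory for the two conditions the article describes: a RouterOS release older than 6.49.8 and DNS servers that are not the ones the organisation configured. The inventory layout, device names and approved resolver ranges are assumptions, and the sample records are constructed.

```python
import ipaddress
import re

MIN_ROUTEROS = (6, 49, 8)  # minimum release named in the article
# Assumption: resolvers the organisation expects its routers to use (documentation ranges).
APPROVED_RESOLVERS = [ipaddress.ip_network(n) for n in ("192.0.2.53/32", "198.51.100.0/28")]

def parse_routeros_version(text):
    """Turn '6.49.8 (long-term)' or '7.1rc4' into a comparable (major, minor, patch) tuple."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised RouterOS version: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def unexpected_resolvers(dns_servers):
    """Return configured DNS servers that fall outside the approved ranges."""
    flagged = []
    for server in dns_servers:
        try:
            addr = ipaddress.ip_address(server.strip())
        except ValueError:
            flagged.append(server)  # an unparsable entry is itself worth a look
            continue
        if not any(addr in net for net in APPROVED_RESOLVERS):
            flagged.append(server)
    return flagged

def audit(inventory):
    """Map device name -> list of issues; devices with no issues are omitted."""
    findings = {}
    for dev in inventory:
        issues = []
        try:
            if parse_routeros_version(dev["version"]) < MIN_ROUTEROS:
                issues.append("outdated")
        except ValueError:
            issues.append("version-unknown")
        bad = unexpected_resolvers(dev["dns"])
        if bad:
            issues.append("dns:" + ",".join(bad))
        if issues:
            findings[dev["name"]] = issues
    return findings

# Constructed sample inventory (hypothetical device names and addresses).
SAMPLE = [
    {"name": "branch-a", "version": "6.49.10 (long-term)", "dns": ["192.0.2.53"]},
    {"name": "branch-b", "version": "6.48.6 (long-term)", "dns": ["192.0.2.53"]},
    {"name": "branch-c", "version": "7.14.3 (stable)", "dns": ["203.0.113.77", "198.51.100.2"]},
    {"name": "branch-d", "version": "6.49", "dns": []},
]
```

A device flagged for an unexpected resolver warrants investigation even when its software is current, since a changed DNS setting can persist after an upgrade.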