The threat of Russian hackers targeting internet routers has prompted a fresh warning from the UK’s cybersecurity authorities, after officials said Russian-linked hackers are exploiting commonly sold internet routers to gather intelligence and harvest sensitive user data.
The UK’s National Cyber Security Centre (NCSC) said the campaign appears to target a broad range of victims before narrowing in on individuals or organisations considered to hold intelligence value. Experts warn the attacks could allow hackers to steal login credentials, redirect users to fraudulent websites, and potentially gain access to other connected devices on a home or business network.
UK Warns of Router Exploitation Campaign
According to the National Cyber Security Centre, the attacks are believed to be “opportunistic in nature,” with threat actors targeting large pools of internet users through vulnerable routers and other network-connected edge devices.
These devices—including routers, internet-connected cameras and similar hardware—often act as gateways between personal networks and cloud services, making them valuable targets for cybercriminals and state-linked hackers.
Cybersecurity experts say compromised routers can serve as entry points into broader home and business networks.
Experts Warn of Serious Security Risks
Alan Woodward said attackers who gain control of a router may be able to intercept internet traffic, redirect victims to fake websites, and scan connected devices for weaknesses.
That could allow hackers to mimic legitimate services such as banking portals, tricking users into entering passwords or financial details on fraudulent websites.
Woodward added that attackers may also establish a foothold inside the network, allowing them to move laterally across devices such as computers, smartphones and tablets.
Russian Group APT28 Suspected
The NCSC said the operation is likely linked to APT28, also known as Fancy Bear, a hacking group widely believed to be associated with Russian intelligence services.
APT28 has previously been blamed for multiple high-profile cyberattacks, including the 2015 breach of the German parliament, which resulted in the theft of confidential emails and internal parliamentary schedules.
Although attribution in cyber operations remains difficult, Western security agencies have repeatedly linked the group to Russian state-backed espionage campaigns.
Why Routers Are a Frequent Target
The router campaign reflects a broader pattern of cyber actors targeting edge devices that are often overlooked by users.
Unlike smartphones and computers, routers are frequently left untouched for years without software updates, password changes or security reviews. Experts say many users forget routers require maintenance and firmware updates.
Older routers that no longer receive manufacturer security support are particularly vulnerable to exploitation.
International Concerns Over Router Security
The warning comes amid wider concerns about the security of networking hardware.
In the United States, the Federal Communications Commission recently banned the sale of certain foreign-made consumer routers, citing national security risks and vulnerabilities linked to espionage and cyberattacks.
US officials argued that foreign-made routers had been exploited in attacks targeting American households and critical infrastructure.
However, privacy and cybersecurity specialists have warned that banning new sales does not address the larger issue of outdated devices already installed in homes and businesses.
Lessons From Previous Major Cyberattacks
Experts point to several major historical incidents that demonstrate the risks posed by poorly secured routers.
One of the most significant examples was the 2016 cyber theft from the Bangladesh Bank, when hackers stole $80 million after exploiting vulnerabilities linked to outdated networking equipment.
Investigators later concluded that the attackers likely used insecure routers to gain entry into the bank’s internal systems before moving funds overseas.
The attack was widely attributed to a North Korean-linked hacking group.
Advice for Businesses and Consumers
Cybersecurity experts say the threat to routers from Russian-linked hackers highlights the need for stronger security practices among both individuals and small businesses.
Recommended steps include:
Keep Router Firmware Updated: Users should regularly install manufacturer firmware updates to patch vulnerabilities.
Replace End-of-Life Devices: Routers no longer supported by manufacturers should be replaced immediately.
Change Default Passwords: Many attacks exploit default or weak administrator passwords left unchanged after installation.
Monitor Network Activity: Small businesses should watch for unusual network behaviour that may indicate compromise.
Growing Cyber Espionage Threat
The latest warning underscores growing concern among Western governments over cyber espionage operations linked to hostile states.
As homes and businesses become increasingly dependent on internet-connected devices, experts warn that network hardware remains one of the most overlooked but critical areas of cybersecurity.
Officials say the router campaign is a reminder that even ordinary consumer technology can become a gateway for sophisticated espionage operations.
