Notorious hackers linked to the Russian state have set their sights on the UK as they target vulnerable internet routers.

Russian cyberspies are targeting vulnerable internet routers around the UK to harvest ‘intelligence’, it has been revealed.

The notorious hackers, linked to Russia’s GRU military intelligence agency, are said to be exploiting a weakness in commonly used internet routers.

In January GCHQ’s National Cyber Security Centre (NCSC) warned how Russian state-aligned ‘hacktivists’ had been targeting local government websites.

And a few weeks ago it warned about messaging apps such as WhatsApp, Messenger and Signal, saying it had been seeing “growing malicious activity from Russia-based actors using messaging apps to target high-risk individuals.”

But now they are warning that for around two years these cyber spies have been casting their net even wider, potentially targeting the general public too.

They believe that since 2024 APT28 has been spreading out to reach as many potential victims as possible before narrowing in on those with “potential intelligence value”.

The ‘APT’ in APT28 stands for ‘Advanced Persistent Threat’, but the group is more commonly known as Fancy Bear, the cyber spies who reportedly hacked the Democratic National Committee (DNC) servers during the 2016 US election campaign.

But according to our intelligence agency, for several years they have been stealing users’ sensitive information in the UK by redirecting internet traffic so hackers can harvest people’s email login passwords and other sensitive data.

They have been hijacking the domain name system (DNS), fooling internet users into thinking they are going to a legitimate website when they are in fact going to one controlled by the hackers.

NCSC director of operations Paul Chichester said: “This activity demonstrates how exploited vulnerabilities in widely used network devices can be leveraged by sophisticated hostile actors.

“We strongly encourage organisations and network defenders to familiarise themselves with the techniques described in the advisory and to follow the mitigation advice. The NCSC will continue to expose Russian malicious cyber activity and provide practical guidance to help protect UK networks.”

The NCSC set out a series of measures to protect systems, including using modern devices and keeping them updated. In January GCHQ said that hackers are persistently targeting UK organisations, “particularly local government and operators of critical infrastructure”. It recommended that local authorities review their defences and improve their cyber resilience.

The hackers currently targeting the UK’s websites are also called Unit 26165, Forest Blizzard, Pawn Storm, the Sednit Gang and Sofacy. These hackers were accused of using UK computers to attack the German parliament.

Germany summoned Russia’s ambassador after accusing APT28 of carrying out a cyberattack on its air traffic control authority and running a disinformation campaign ahead of its 2024 federal election.

They were also accused of hijacking traffic meant for a Nigerian government website and targeting Apple devices. According to several US intelligence agencies, these Russian hackers also tried to influence the outcome of the US presidential election by stealing Democratic Party emails.

Since Russia invaded Ukraine they have also set their sights on Ukrainian targets, including military personnel. Last year the UK’s intelligence agency exposed a “malicious cyber campaign” targeting those involved in delivering foreign assistance to Ukraine.

After a joint investigation with allies including the US, Germany and France, the NCSC said Fancy Bear, described as a Russian military unit, had been targeting both public and private organisations since 2022.

These include organisations involved in supplying defence, IT services and logistics support. Some of the targets were internet-connected cameras at Ukrainian borders which monitored aid shipments going into the country.

The report also says around 10,000 cameras were accessed near “military installations, and rail stations, to track the movement of materials into Ukraine.”

It said the “actors also used legitimate municipal services, such as traffic cams.” The notorious hacking team was also linked to leaking World Anti-Doping Agency data.
