Russian State Hackers Target Vulnerable Routers Worldwide, Joint Advisory Warns
Cybersecurity agencies from 12 countries have warned that Russian state-backed hackers are actively targeting vulnerable routers using weak SNMP credentials
Routers are network gateways whose flaws, misconfigurations, or exposed interfaces can enable unauthorized access, interception, or service disruption.
Search across headline titles and summaries.
Background for this topic.
Routers are network devices that forward packets between separate networks, using destination addresses to choose a path. A home router usually connects a local network to the internet and may also provide wireless access, address assignment, network address translation, firewall rules, VPN termination, or DNS forwarding. Enterprise routers can connect internal segments, data centers, and remote sites.
In security, a router is both a traffic-control point and an attack surface. Vulnerable firmware, exposed administrative services, weak credentials, or unnecessary remote management can let an attacker alter routing, redirect traffic, or use the device to reach other systems; misconfigured rules can expose internal services. Reduce risk by keeping firmware supported and updated, restricting management to trusted networks, using strong unique authentication, disabling unneeded services, separating networks, and reviewing logs and configurations. During an incident, router configuration and routing or DNS changes can provide useful evidence, while tested backups help restore trusted connectivity.
Weekly headline count for the current query.
Cybersecurity agencies from 12 countries have warned that Russian state-backed hackers are actively targeting vulnerable routers using weak SNMP credentials
The same extension applies to security updates shipped to US-based users of foreign-made drones
The FBI deployed a method to unplug US-based routers compromised by APT28 from the threat actor’s malicious network
Newly identified malicious campaigns are linked to virtual private servers modified by APT28 to operate as malicious DNS servers
The US Federal Communications Commission has placed all “consumer-grade” internet routers produced outside the US on its “covered list”
DKnife is a Chinese made malware framework that targets Chinese-based users
SecurityScorecard has revealed a new Chinese campaign targeting thousands of ASUS routers globally
Forescout researchers discovered critical and high-severity vulnerabilities in several TP-Link VPN routers
New smishing attacks exploit Milesight routers to send phishing texts targeting Belgian users
A threat actor has used ASUS routers’ legitimate features to create persistent backdoors that survive firmware updates and reboots
The FBI has detected indicators of malware targeting end-of-life routers associated with Anyproxy and 5Socks proxy services
The legislation mandates a probe into foreign-made routers to identify risks for US national security
Mandiant revealed that Chinese espionage actor UNC3886 has deployed modified versions of the TinyShell backdoor across multiple Juniper OS routers
Murdoc_Botnet used Mirai malware to exploit IoT vulnerabilities, targeting devices globally
A newly identified Mirai botnet exploits over 20 vulnerabilities, including zero-days, in industrial routers and smart home devices
Moxa has reported two critical vulnerabilities in its routers and network security appliances that could allow system compromise and arbitrary code execution
Two Congressmen fear that the Chinese government might use TP-Link Wi-Fi routers to deploy hacking and espionage campaigns in the US
The routers were hijacked to steal credentials, proxy traffic, and host phishing pages and custom tools
US government agencies took down the botnet of Chinese APT Volt Typhoon, used to target critical infrastructure for nation-state espionage
BlackTech group blamed for cyber-espionage operation