Hackers linked to the Russian state have compromised commonly used wifi routers and are using them to harvest data, GCHQ has said.
The National Cyber Security Centre (NCSC), which is a part of the national intelligence service, said it had discovered the hacking group Fancy Bear was exploiting a weakness in certain routers.
By hijacking the system used to type in web addresses, the group can divert users to disguised malicious websites and trick them into giving away information like passwords.
That means users could find themselves on a fake version of a site such as Microsoft Outlook without realising it – and obliviously hand over everything they type to the hackers.
Fancy Bear would be able to intercept conversations between two parties, allowing them to read messages or even alter their content.
According to the NCSC, the router hacking would mean this could be done on both browser sessions and desktop apps.
Want to understand more about how politics affects your life?
Metro’s senior politics reporter Craig Munro breaks down all the chaos into easy to follow insight, in Metro‘s politics newsletter Alright, Gov? Sent every Wednesday. Sign up here.
This has been happening since 2024 and into this year, they said.
The centre warned that Fancy Bear was ‘casting a wide net’ to capture as many victims as possible.
Director of Operations Paul Chichester said: ‘This activity demonstrates how exploited vulnerabilities in widely used network devices can be leveraged by sophisticated hostile actors.
‘We strongly encourage organisations and network defenders to familiarise themselves with the techniques described in the advisory and to follow the mitigation advice.
‘The NCSC will continue to expose Russian malicious cyber activity and provide practical guidance to help protect UK networks.’
GCHQ has suggested a number of ways people and businesses can protect themselves from the hacks, including:
- Updating systems and software
- Using two-factor authentication instead of just a password
- Set up a host-based intrusion detection system to monitor for signs of suspicious activity
Fancy Bear – also known by names including APT28, Unit 26165 and Forest Blizzard – has been linked to Russia’s GRU state military intelligence agency.
It is one of the Kremlin’s most notorious hacking squads – both highly skilled and well-funded.
Last year, the NCSC exposed a Russian cyber campaign targeting an eye-popping range of assets involved in getting support to Ukraine.
Everything from logistics firms and air traffic control systems to cameras on the Ukrainian border were caught up in the vast operation.
Get in touch with our news team by emailing us at webnews@metro.co.uk.
For more stories like this, check our news page.
