Germany’s Federal Office for the Protection of the Constitution warned that Russian state-linked hackers have exploited vulnerabilities in TP-Link routers to access sensitive networks. The alert was issues in conjunction with the Federal Intelligence Service and the Federal Bureau of Investigation.
The hacking group APT28, also known as Fancy Bear, is attributed to Russia’s military intelligence agency, the GRU. Western governments have accused APT28 of carrying out cyber espionage activities for several years.
Authorities reported that thousands of routers were targeted globally, with approximately 30 of those in Germany. In confirmed cases of breaches, some operators have replaced affected devices. The cyber campaign primarily focused on military, government, and critical infrastructure networks. The BfV indicated that APT28 has previously attacked various German institutions, including the parliament and the SPD political party.
In 2024, the U.S. Department of Defense issued an advisory regarding Russian cyber actors using compromised routers for cyber operations, specifying the GRU’s 85th Main Special Service Center, known as APT28 or Forest Blizzard.
The advisory stated that the attacks enabled hackers to steal credentials, collect NTLMv2 hashes, route network traffic, and host phishing pages and hacking tools.
In a related move, the Federal Communications Commission announced a ban on new foreign-made routers in the U.S. Existing home internet setups remain unaffected, as the ban applies only to new devices, with vendors permitted to seek exemptions.







