Global Cyber Alert: Russian Military Intelligence Compromises Thousands of Routers
Law enforcement agencies across multiple nations coordinated a massive rollout of security advisories this week. The objective is to alert the public and private sectors to a sophisticated hacking campaign that compromised home and office routers globally. Experts indicate the operation was most active during the latter half of 2025, enabling illicit monitoring of private web traffic and credential theft.
According to investigations by Microsoft and the research firm Lumen, the hackers utilized a technique known as DNS (Domain Name System) hijacking. By altering router settings, the attackers gained "passive visibility," allowing them to intercept emails and passwords from over 18,000 devices in 120 countries. Microsoft noted that the breach targeted 200 specific organizations starting in August 2025, though Lumen suggests the infrastructure began expanding as early as May.
Intelligence officials in the United Kingdom, the Netherlands, and the United States have linked this activity to "Forest Blizzard" (also known as APT28). This group operates under the umbrella of Military Unit 26165 within Russia’s GRU. Brett Leatherman, the FBI’s cyber division assistant director, emphasized that the scale of the threat necessitated a global "alarm" to protect users from ongoing espionage.
The Forest Blizzard collective has a documented history of aggressive cyber operations. They were previously implicated in the 2016 breach of US Democratic Party servers and a 2015 attack on the German Parliament. Furthermore, the group targeted the Organization for the Prohibition of Chemical Weapons (OPCW) in 2018. At that time, the OPCW was investigating the poisoning of Sergei Skripal, a former GRU officer, involving the Soviet-era nerve agent Novichok.
While the hackers infiltrated consumer hardware, their primary objectives were high-level institutions. Government agencies, foreign ministries, and third-party email providers were the main targets of this wide-reaching reconnaissance effort. Authorities now urge all users to audit their router security settings immediately to mitigate further risks.