Vigyata.AI
Is this your channel?

Russia Hijacked 18,000 Home Routers to Steal Microsoft 365 Tokens #cybersecurity #homelab

12.4K views· 335 likes· 2:49· Apr 25, 2026

Russia's military intelligence just spent a year stealing Microsoft 365 sessions without needing your password or your MFA code. Here's how they did it — and what the FBI did about it. The GRU's APT28 unit — also called Fancy Bear and Forest Blizzard — compromised more than 18,000 small-office and home routers, mostly older TP-Link and MikroTik boxes with known unpatched vulnerabilities. They changed DNS settings on the routers and redirected Microsoft authentication traffic to attacker-controlled servers, harvesting OAuth tokens after users completed login and MFA. The UK's NCSC first flagged the campaign in August 2025. Lumen's Black Lotus Labs tracked the router exploitation to a December 2025 peak. FBI Boston led Operation Masquerade in April 2026, pushing court-authorized commands to reset DNS settings on compromised routers across 23 US states. Reporting: https://krebsonsecurity.com/2026/04/russia-hacked-routers-to-steal-microsoft-office-tokens/ More on cybersecurity, privacy, scams, and homelab on Hake Hardware. New shorts every weekday.

🎬 More from Hake Hardware