Russia's military intelligence just spent a year stealing Microsoft 365 sessions without needing your password or your MFA code. Here's how they did it — and what the FBI did about it. The GRU's APT28 unit — also called Fancy Bear and Forest Blizzard — compromised more than 18,000 small-office and home routers, mostly older TP-Link and MikroTik boxes with known unpatched vulnerabilities. They changed DNS settings on the routers and redirected Microsoft authentication traffic to attacker-controlled servers, harvesting OAuth tokens after users completed login and MFA. The UK's NCSC first flagged the campaign in August 2025. Lumen's Black Lotus Labs tracked the router exploitation to a December 2025 peak. FBI Boston led Operation Masquerade in April 2026, pushing court-authorized commands to reset DNS settings on compromised routers across 23 US states. Reporting: https://krebsonsecurity.com/2026/04/russia-hacked-routers-to-steal-microsoft-office-tokens/ More on cybersecurity, privacy, scams, and homelab on Hake Hardware. New shorts every weekday.

New VS Code Zero-Day Steals GitHub Tokens in One Click
1.5K views

Microsoft Backs Down on Threats Against Zero-Day Researcher
6.4K views

CIFSwitch Linux Kernel Bug: Any Logged-In User Gets Root
2.3K views

BusPatrol Wants 40,000 School Buses to Be Police Plate Trackers
4.2K views

How the Mirai Trio Avoided Prison (Part 6 of 6)
1.7K views

How the FBI Tracked Down the Mirai Trio (Part 5 of 6)
1.6K views