90 Trust
Verified
🔍 Web Verified 🔍 Search Verified
BrianKrebs on Mastodon, 1d ago
New, from me: Hackers linked to Russia’s military intelligence units are using known flaws in older Internet routers to mass harvest authentication tokens from Microsoft Office users, security experts warned today. The spying campaign allowed state-backed Russian hackers to quietly siphon authentication tokens from users on more than 18,000 networks without deploying any malicious software or code.
https://krebsonsecurity.com/2026/04/russia-hacked-routers-to-steal-microsoft-office-tokens/
Trust Metrics
Claim Accuracy: 92%
Source Quality: 95%
Framing & Tone: 88%
Context: 80%
Analysis Summary
This is a verified breaking story from a top-tier cybersecurity journalist. Russian military intelligence (APT28/Forest Blizzard) compromised over 18,000 routers globally by exploiting known vulnerabilities in older models, redirecting DNS traffic to steal Microsoft authentication tokens without installing malware. Multiple authoritative sources confirm the details, scope, and attribution.
Claims Analysis (3)
“Hackers linked to Russia's military intelligence units are using known flaws in older Internet routers to mass harvest authentication tokens from Microsoft Office users”
Corroborated by multiple sources confirming APT28/Forest Blizzard (GRU-linked) used router flaws to harvest tokens
“security experts warned today”
Microsoft, Black Lotus Labs, and UK NCSC published advisories on the campaign today
“The spying campaign allowed state-backed Russian hackers to quietly siphon authentication tokens from users on more than 18,000 networks without deploying any malicious software or code”
Multiple sources confirm 18,000 devices compromised at peak; no malware deployed, DNS hijacking used instead