Your TP-Link Router is Under Attack from Russian State Hackers

Various authorities are now issuing warnings to users of certain router models, which are reportedly the target of a large-scale hacking campaign by Russian actors. The concerns center on TP-Link routers, although other manufacturers are also said to be affected.

The hacker group “Fancy Bear” (also known as “APT 28”) is believed to be behind the attacks on these routers. In the past, they’ve carried out attacks on companies supporting Ukraine in the war against Russia. They’re also credited with an attack on German air traffic control and on the German SPD party’s headquarters.

The warning from Germany’s domestic intelligence agency states that the group has “infiltrated vulnerable TP-Link internet routers worldwide to obtain military information, government information, or information about critical infrastructure.”

Certain companies and households were reportedly informed of the threat back in mid-March. The letters contained details regarding affected devices. The FBI and NSA are also said to be involved in the investigations.

How to protect yourself

The attackers are exploiting a known security vulnerability in TP-Link routers, which has already been patched by the manufacturer. Anyone with a TP-Link router should therefore check as soon as possible whether all the latest router firmware updates have been installed.

Also, watch out for typical signs of DNS hijacking:

  • Frequent redirects to other websites

  • Security warnings from your browser or antivirus software

  • Increased frequency of pop-ups and suspicious ads

  • Unusually long loading times despite a stable internet connection

  • Changed DNS servers (you can check these in your router’s settings)
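The last check in the list can be scripted. The sketch below is an added example, not something from the agencies or TP-Link: it reads resolv.conf-style text and flags any DNS server that is neither on your own network nor on a list of resolvers you expect. The `expected` list and all sample addresses are constructed placeholders (documentation ranges); substitute the resolvers your provider actually assigns.

```python
import ipaddress

# Address ranges that mean "a device on my own network (usually the router) answers DNS".
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

def parse_resolv_conf(text):
    """Return the nameserver entries from resolv.conf-style text."""
    servers = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":          # skip blanks and comments
            continue
        fields = line.split()
        if fields[0] == "nameserver" and len(fields) >= 2:
            servers.append(fields[1])
    return servers

def audit_resolvers(servers, expected):
    """Label each resolver 'expected', 'local-forwarder', 'unexpected' or 'unparseable'."""
    allowed = {ipaddress.ip_address(e) for e in expected}
    report = {}
    for raw in servers:
        try:
            addr = ipaddress.ip_address(raw.split("%", 1)[0])  # drop IPv6 zone id
        except ValueError:
            report[raw] = "unparseable"
            continue
        if addr in allowed:
            report[raw] = "expected"
        elif any(addr in net for net in LOCAL_NETS):
            report[raw] = "local-forwarder"
        else:
            report[raw] = "unexpected"           # public resolver nobody configured
    return report

# Constructed sample: what a client might have received from the router via DHCP.
SAMPLE = """\
# constructed sample, documentation addresses only
nameserver 192.168.0.1
nameserver 198.51.100.10
nameserver 203.0.113.53
"""

if __name__ == "__main__":
    for server, verdict in audit_resolvers(parse_resolv_conf(SAMPLE), ["198.51.100.10"]).items():
        print(f"{server:15} {verdict}")
```

A `local-forwarder` result only says the router is answering DNS itself; the upstream servers it forwards to are visible only in the router's settings, so pass those values to `audit_resolvers` as well.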