Britain’s National Cyber Security Centre warned that a Russian military cyber unit has compromised common home routers, rerouting traffic through servers it controls. The group, identified as APT28, exploited flaws in devices from TP‑Link and MikroTik to hijack DNS queries, letting attackers intercept passwords and tokens from email and web services. The operation targets millions of UK users. Victims may not notice any visual cue.

NCSC director Paul Chichester said the breach shows how vulnerable network gear can become a foothold for sophisticated espionage actors. He urged firms and consumers to apply firmware patches, enable automatic updates and run regular antivirus scans. The agency believes the campaign is opportunistic, casting a wide net before narrowing on intelligence‑grade targets. Failure to patch could expose critical infrastructure.

The incident arrives as Washington has barred new foreign‑made consumer routers, citing supply‑chain risk, and comes after US researchers linked TP‑Link hardware to Chinese campaigns such as Salt Typhoon. While the router maker dismissed the claim as a myth, the NCSC’s advisory could spur enterprise buyers to reassess legacy equipment and accelerate migration to vetted, domestically sourced solutions. Analysts expect heightened scrutiny of Asian‑origin hardware.