What happens when the devices that sit between people and the internet become the very doorways intelligence services walk through? The UK's National Cyber Security Centre (NCSC) has issued a fresh warning that answers that question with a terse but alarming reality: routers are being targeted to harvest passwords and other secrets, and a major tech firm says the intrusions are already measurable.
What the agencies say
The NCSC has warned of ongoing targeting of routers by Russia's Fancy Bear, saying attackers are compromising routers to steal passwords and other secrets. Microsoft has quantified the impact: it reckons roughly 200 organisations and about 5,000 devices have been compromised so far in what the company described as "Vlad's latest intelligence grab."
How the campaign is described
The publicly reported account links router compromise with the boosting of fake sites and the exfiltration of credentials. The activity has been attributed to Fancy Bear, and the NCSC framed its notice as a “fresh warning,” underscoring continued or renewed targeting rather than an isolated incident.
Why this matters
- Scale: Microsoft’s figures — approximately 200 organisations and some 5,000 devices — indicate the campaign is not a narrowly targeted probe but has produced measurable compromises.
- Vector: By focusing on routers, attackers can intercept or redirect network traffic and harvest credentials and other sensitive material without first penetrating end-user devices.
- Trust and deception: The reported use of compromised infrastructure to boost fake sites raises the risk of credential theft and of misinformation being delivered through legitimate-looking destinations.
Perspectives and implications
Technologists will focus on the mechanics implied by the NCSC and Microsoft accounts: compromised network equipment enabling credential theft and site manipulation. Policymakers and network defenders are presented with a dual challenge — responding to immediate incidents while addressing the systemic vulnerabilities that make routers attractive targets. Users and organisations face harder decisions about how to detect and respond to intrusions that operate at the network edge. Finally, for adversaries, the reported campaign appears to validate routers as a force-multiplying platform for both intelligence collection and influence operations.
The NCSC's warning and Microsoft's tally together sketch a clear and unsettling pattern: a persistent campaign targeting fundamental network infrastructure, with measurable impact on hundreds of organisations and thousands of devices. If routers can be turned into instruments for harvesting credentials and amplifying fake sites, what does that mean for the lines we trust between people and the internet?
https://go.theregister.com/feed/www.theregister.com/2026/04/07/russia_fancy_bear_ncsc_router_attack/




