Russia Hacked Routers to Steal Microsoft Office Tokens
Summary
Russian military intelligence hackers are exploiting known vulnerabilities in older internet routers to steal Microsoft Office authentication tokens from over 18,000 networks. Because the stolen tokens grant access to accounts and data directly, the campaign lets the attackers reach sensitive information without deploying malware on victim systems, and the unpatched router flaws allow this token harvesting at scale.
IFF Assessment
This is bad news for defenders as state-sponsored actors are leveraging existing infrastructure vulnerabilities to conduct a widespread, stealthy espionage campaign.
Defender Context
This highlights the persistent threat of supply chain attacks and the importance of securing edge devices such as routers, which can become vectors for broader network compromise. Defenders should prioritize patching edge devices and monitoring for signs of router compromise and of unauthorized token exfiltration, such as Office tokens being used from unexpected locations.