Russia's Fancy Bear still attacking routers to boost fake sites, NCSC warns
Summary
Russia's Fancy Bear (APT28) group is continuing its campaign of compromising routers to create fake websites for intelligence gathering. The UK's National Cyber Security Centre (NCSC) has warned that approximately 200 organizations and 5,000 devices have been compromised globally in this ongoing effort.
IFF Assessment
This is bad news for defenders: a persistent nation-state actor is actively compromising network infrastructure to facilitate further espionage and, potentially, disinformation campaigns.
Defender Context
Defenders should be vigilant about router security, as compromised routers can be used for a variety of malicious purposes, including credential theft and hosting fake websites for phishing or disinformation. Implementing strong router passwords, keeping firmware updated, and monitoring network traffic for unusual activity are crucial mitigation steps.