German intelligence officials issued a cybersecurity alert Tuesday regarding attacks by Russian state-sponsored hackers who have been exploiting internet routers to conduct espionage operations against government and military facilities.
The Federal Office for the Protection of the Constitution announced that the hacker collective APT28 had successfully breached vulnerable TP-Link routers as part of a broader surveillance campaign targeting critical infrastructure and defense networks.
This cybersecurity warning was coordinated with multiple intelligence partners, including Germany’s foreign intelligence service BND and the Federal Bureau of Investigation in the United States.
Western intelligence agencies have identified APT28, which also operates under the alias “Fancy Bear,” as being controlled by Russia’s military intelligence organization, the GRU.
According to German officials, the hacking operation affected thousands of routers across the globe, with approximately 30 compromised devices identified within Germany’s borders.
Security experts confirmed successful breaches in multiple instances, leading network operators to remove and replace the affected router equipment.
German intelligence noted that APT28 has previously launched cyberattacks against the country’s parliamentary systems, the Social Democratic Party, and aviation control agencies.
