Russian Military Hackers Reroute British Internet Users’ Traffic
Why It Matters
The attack demonstrates how state‑backed actors can exploit routing weaknesses to compromise national digital communications, posing significant security and economic risks for the UK.
Key Takeaways
- Russian GRU hackers intercepted UK internet traffic via BGP hijacks
- Redirected users to malicious servers for data collection
- UK agencies detected and mitigated the intrusion within days
- Incident underscores fragility of global routing infrastructure
- Experts urge coordinated standards to prevent future BGP attacks
Pulse Analysis
The attack leveraged a classic BGP hijack, where compromised routers announced false routes for large swaths of UK IP space. Analysts traced the malicious announcements to infrastructure linked to Russia’s Main Directorate of the General Staff (GRU), a unit known for cyber‑espionage. By inserting themselves into the path of ordinary web requests, the hackers were able to divert traffic destined for popular services toward servers under their control. The operation affected multiple ISPs and remained undetected for several hours before network monitoring tools flagged the anomalous routing changes.
The redirection exposed UK users to potential credential harvesting, malware injection, and surveillance of corporate communications. Financial institutions, media outlets, and government portals that rely on uninterrupted connectivity faced heightened risk of data leakage. The National Cyber Security Centre (NCSC) coordinated an emergency response, working with affected ISPs to withdraw the fraudulent routes and restore legitimate traffic within 48 hours. Companies were urged to review their network monitoring capabilities and to implement additional layers of encryption to mitigate the impact of any future routing compromise.
The incident reignites calls for broader adoption of Resource Public Key Infrastructure (RPKI) and stricter validation of routing announcements worldwide. Industry groups such as the Internet Engineering Task Force (IETF) and the global routing security community are lobbying for mandatory route origin authentication to close the loophole exploited by state‑backed actors. As geopolitical tensions drive more sophisticated cyber‑operations, enterprises must treat routing security as a critical component of their overall risk management strategy, integrating real‑time alerts and cross‑border information sharing.
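To make the defensive measure concrete, here is an added example of the route origin validation (ROV) that RPKI enables, applied to the kind of false route announcements described above. It is written for this page and is not code from the NCSC, the IETF, or any ISP. The ROAs, the monitored prefixes, and the BGP update lines are all constructed for the example (documentation prefixes and private ASNs), and the "prefix AS-path" line format is an assumption for the sake of parsing, not a real router output format. The validation states follow RFC 6811 (valid / invalid / not-found); the "unexpected origin for a monitored prefix" check is the kind of monitoring rule an operator would add for prefixes that have no ROA yet.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class ROA:
    """A Route Origin Authorization: which ASN may originate a prefix and how specific it may be."""
    prefix: str
    max_length: int
    origin_asn: int


def _covered_by(roa: ROA, net: ipaddress._BaseNetwork) -> bool:
    """True when the announced network falls inside the ROA's prefix (same address family)."""
    roa_net = ipaddress.ip_network(roa.prefix)
    return roa_net.version == net.version and net.subnet_of(roa_net)


def rov_state(prefix: str, origin_asn: int, roas: List[ROA]) -> str:
    """Route Origin Validation per RFC 6811.

    valid     : a covering ROA names this origin and the prefix is no longer than maxLength
    invalid   : at least one ROA covers the prefix but none matches (wrong origin or too specific)
    not-found : no ROA covers the prefix at all (no RPKI coverage, so no verdict)
    """
    net = ipaddress.ip_network(prefix, strict=False)
    covering = [r for r in roas if _covered_by(r, net)]
    if not covering:
        return "not-found"
    for r in covering:
        if r.origin_asn == origin_asn and net.prefixlen <= r.max_length:
            return "valid"
    return "invalid"


def parse_update(line: str) -> Tuple[str, List[int]]:
    """Parse a constructed 'prefix AS AS AS' line; the last ASN in the path is the origin."""
    prefix, *path = line.split()
    return prefix, [int(asn) for asn in path]


def covering_monitored(prefix: str, expected: Dict[str, int]) -> Optional[str]:
    """Return the monitored prefix that covers `prefix`, so more-specific announcements are caught too."""
    net = ipaddress.ip_network(prefix, strict=False)
    for monitored in expected:
        mon_net = ipaddress.ip_network(monitored)
        if mon_net.version == net.version and net.subnet_of(mon_net):
            return monitored
    return None


def analyse(updates: List[str], roas: List[ROA], expected: Dict[str, int]) -> List[dict]:
    """Classify each announcement and attach an alert where a defender should act."""
    findings = []
    for line in updates:
        prefix, path = parse_update(line)
        origin = path[-1]
        state = rov_state(prefix, origin, roas)
        alert = None
        if state == "invalid":
            # ROV already gives a verdict: an ROV-enforcing router would drop this route.
            alert = "RPKI-invalid announcement: reject route and investigate"
        else:
            # Valid or not-found: still compare against the origin we expect for our own space.
            monitored = covering_monitored(prefix, expected)
            if monitored is not None and expected[monitored] != origin:
                alert = (f"unexpected origin AS{origin} for monitored prefix {monitored} "
                         f"(expected AS{expected[monitored]})")
        findings.append({"prefix": prefix, "origin": origin, "state": state, "alert": alert})
    return findings


# Constructed sample data (documentation prefixes, private ASNs); not from any real routing table.
SAMPLE_ROAS = [
    ROA("203.0.113.0/24", 24, 64500),
    ROA("198.51.100.0/24", 24, 64501),
]
EXPECTED_ORIGINS = {"203.0.113.0/24": 64500, "192.0.2.0/24": 64502}
SAMPLE_UPDATES = [
    "203.0.113.0/24 64510 64500",    # legitimate origin -> valid
    "203.0.113.0/24 64520 64499",    # wrong origin -> invalid (origin hijack)
    "198.51.100.0/25 64510 64501",   # right origin but longer than maxLength -> invalid
    "192.0.2.0/24 64510 64502",      # no ROA -> not-found, but origin matches expectation
    "192.0.2.128/25 64520 64530",    # no ROA, more-specific from unexpected origin -> alert
]

if __name__ == "__main__":
    for f in analyse(SAMPLE_UPDATES, SAMPLE_ROAS, EXPECTED_ORIGINS):
        print(f"{f['prefix']:<18} AS{f['origin']:<6} {f['state']:<9} {f['alert'] or ''}")
```

The third and fifth cases are the ones worth noting: a ROA's maxLength stops a more-specific announcement from winning longest-prefix match even when the origin ASN is correct, and for prefixes with no ROA at all RPKI gives no verdict, which is why the article's call for broader ROA coverage matters and why an operator still needs its own monitoring of expected origins in the meantime.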