
This Russian Military Intelligence Group Has Been Stealing People's Sensitive Data, so You Might Want to Connect Your Router Through a VPN
Why It Matters
The breach demonstrates a nation‑state capability to weaponize everyday internet infrastructure, exposing personal privacy and corporate secrets while underscoring the urgent need for VPN adoption and stronger router security.
Key Takeaways
- APT28 exploits DNS flaw to hijack UK home routers.
- Malicious servers siphon login credentials, messages, and browsing history.
- Business data, especially manufacturing and defense, is prime target.
- VPNs encrypt traffic, preventing redirection through compromised routers.
Pulse Analysis
The recent NCSC alert shines a light on how Russian intelligence unit APT28 leverages a simple DNS misconfiguration to commandeer consumer‑grade routers across the United Kingdom. By inserting a malicious DNS entry, the group forces unsuspecting devices to route traffic through servers under its control, effectively turning ordinary home networks into data‑exfiltration points. This technique bypasses traditional endpoint defenses because the compromise occurs before encryption can be applied, making it a potent vector for large‑scale information gathering.
For individuals, the stolen data ranges from login credentials and private messages to detailed browsing habits, which can be repurposed for credential stuffing attacks or tailored disinformation campaigns. Enterprises face higher stakes: compromised router traffic can expose proprietary designs, supply‑chain details, and defense‑contract information, feeding intelligence analysts with actionable insights. The breadth of the net suggests APT28 is building a comprehensive profile of both consumers and strategic industries, potentially to influence public opinion or to support future espionage operations.
Mitigation hinges on encrypting traffic at the network edge. Deploying a reputable VPN—such as NordVPN, ProtonVPN, or ExpressVPN—on the router ensures all outbound packets are encapsulated before they encounter the malicious DNS redirect, rendering the hijack ineffective. Organizations should also audit firmware versions, enforce strong router passwords, and segment IoT devices from critical assets. As the line between personal privacy and national security blurs, adopting VPNs and hardening home infrastructure are no longer optional but essential components of a resilient cyber posture.
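As an added example, not code from the article or the NCSC alert, the following Python check shows one way a defender can audit for the kind of router DNS tampering described above: it compares the resolvers a host was handed by the router against an allowlist, and compares the router resolver's answers for a canary name with an independent resolver's answers. The allowlist, resolver addresses and DNS answers are constructed sample values; a real deployment would read the host's resolv.conf and issue the two lookups itself.

```python
import ipaddress
import re

# Constructed allowlist (hypothetical): resolvers this network's owner expects.
EXPECTED_RESOLVERS = {"192.168.1.1", "1.1.1.1", "9.9.9.9"}

def parse_nameservers(resolv_conf: str) -> list[str]:
    """Extract valid nameserver addresses from resolv.conf-style text."""
    servers = []
    for line in resolv_conf.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        m = re.match(r"nameserver\s+(\S+)$", line)
        if m:
            try:
                servers.append(str(ipaddress.ip_address(m.group(1))))
            except ValueError:
                pass  # malformed address; ignore it
    return servers

def unexpected_resolvers(servers, expected=EXPECTED_RESOLVERS):
    """Resolvers the host was handed that are not on the allowlist."""
    return [s for s in servers if s not in expected]

def answers_diverge(router_answers, independent_answers):
    """True when the router-supplied answers for the canary name share no
    address with an independent resolver's answers. Pick a canary with a
    stable address: CDN-fronted names can legitimately differ per resolver."""
    return not (set(router_answers) & set(independent_answers))

def assess(resolv_conf, router_answers, independent_answers):
    """Collect findings; an empty list means nothing suspicious was seen."""
    findings = []
    bad = unexpected_resolvers(parse_nameservers(resolv_conf))
    if bad:
        findings.append("unexpected resolver(s): " + ", ".join(bad))
    if answers_diverge(router_answers, independent_answers):
        findings.append("canary answers share nothing with independent resolver")
    return findings

# Constructed sample (TEST-NET addresses): DHCP pushed a resolver outside the
# allowlist, and it answers the canary name differently from an independent one.
SAMPLE_RESOLV = "# from DHCP\nnameserver 192.168.1.1\nnameserver 203.0.113.77\n"
SAMPLE_ROUTER_ANSWERS = ["198.51.100.10"]
SAMPLE_INDEPENDENT_ANSWERS = ["192.0.2.44"]

if __name__ == "__main__":
    for finding in assess(SAMPLE_RESOLV, SAMPLE_ROUTER_ANSWERS, SAMPLE_INDEPENDENT_ANSWERS):
        print("WARNING:", finding)
```

A finding is a lead to verify against the router's admin page and its DHCP settings, not proof of compromise on its own.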