{"id":232342,"date":"2026-04-07T19:47:00","date_gmt":"2026-04-07T23:47:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/04\/07\/feds-quash-widespread-russia-backed-espionage-network-spanning-18000-devices\/"},"modified":"2026-04-07T21:21:40","modified_gmt":"2026-04-08T01:21:40","slug":"feds-quash-widespread-russia-backed-espionage-network-spanning-18000-devices","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/04\/07\/feds-quash-widespread-russia-backed-espionage-network-spanning-18000-devices\/","title":{"rendered":"Feds quash widespread Russia-backed espionage network spanning 18,000 devices"},"content":{"rendered":"<p><a href=\"https:\/\/cyberscoop.com\/forest-blizzard-apt28-routers-espionage-campaign-operation-masquerade\/\">Feds quash widespread Russia-backed espionage network spanning 18,000 devices<\/a><\/p>\n<p><a href=\"https:\/\/cyberscoop.com\/forest-blizzard-apt28-routers-espionage-campaign-operation-masquerade\/\">https:\/\/cyberscoop.com\/forest-blizzard-apt28-routers-espionage-campaign-operation-masquerade\/<\/a><\/p>\n<p>Publish Date: 2026-04-07 19:47:00<\/p>\n<p>Source Domain: <a href=\"cyberscoop.com\">cyberscoop.com<\/a><\/p>\n<p>Russian state-sponsored attackers compromised more than 18,000 routers spread across more than 120 countries to gain deeper access to sensitive networks for a large-scale espionage campaign before it was recently neutralized, researchers and authorities said Tuesday.<\/p>\n<p>Forest Blizzard, also known as APT28 and Fancy Bear, exploited known vulnerabilities to steal credentials for thousands of TP-Link routers globally. 
The threat group, which is attributed to Russia\u2019s Main Intelligence Directorate of the General Staff (GRU) Military Unit 26165, hijacked domain name system settings and stole additional credentials and tokens via redirected traffic, the Justice Department said.<\/p>\n<p>The threat group established an expansive espionage network by intruding into the systems of more than 200 organizations, impacting at least 5,000 consumer devices, Microsoft Threat Intelligence said in a report.<\/p>\n<p>Operation Masquerade, a collaborative takedown operation led by the FBI, aided by federal prosecutors, the National Security Division\u2019s National Security Cyber section, Lumen\u2019s Black Lotus Labs and Microsoft Threat Intelligence, involved a series of commands designed to reset DNS settings and prevent the threat group from further exploiting its initial means of access.<\/p>\n<p>\u201cGRU actors compromised routers in the U.S. and around the world, hijacking them to conduct espionage. Given the scale of this threat, sounding the alarm wasn\u2019t enough,\u201d Brett Leatherman, assistant director of the FBI\u2019s cyber division, said in a statement. \u201cThe FBI conducted a court-authorized operation to harden compromised routers across the United States.\u201d<\/p>\n<p>Forest Blizzard\u2019s widespread campaign involved adversary-in-the-middle attacks against domains mimicking legitimate services, including Microsoft Outlook Web Access. 
This allowed attackers to intercept passwords, OAuth tokens, credentials for Microsoft accounts, and other services and cloud-hosted content.\u00a0<\/p>\n<p>Microsoft insists&#8230;<\/p>\n<p><a href=\"https:\/\/cyberscoop.com\/forest-blizzard-apt28-routers-espionage-campaign-operation-masquerade\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Feds quash widespread Russia-backed espionage network spanning 18,000 devices https:\/\/cyberscoop.com\/forest-blizzard-apt28-routers-espionage-campaign-operation-masquerade\/ Publish Date: 2026-04-07 19:47:00 Source&#8230;<\/p>\n","protected":false},"author":1,"featured_media":232343,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2025\/03\/GettyImages-1327354395.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[],"class_list":["post-232342","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/232342"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=232342"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/232342\/revisions"}],"predecessor-version":[{"id":232344,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/232342\/revisions\/232344"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/232343"}],"wp:attachment":[{"href":"https:\/\/news-you-ne
ed.com\/index.php\/wp-json\/wp\/v2\/media?parent=232342"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=232342"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=232342"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}