April 9, 2026, 11:45 am
The Russian hacker group APT28, also known as “Fancy Bears,” hijacks routers worldwide to steal information and credentials. They exploit security vulnerabilities for which patches already exist but are often not installed.
Russian hacker groups have once again come under the scrutiny of security agencies. The Federal Office for the Protection of the Constitution warns of targeted attacks on private users’ routers by the group APT28, also known as “Fancy Bears.” These hackers use compromised devices to steal information and carry out further cyberattacks.
APT28 and Their Activities
APT28 is attributed to the Russian intelligence agency GRU and is known for numerous attacks, including one on the German Bundestag in 2015. The German Air Traffic Control was also targeted by the hackers in August 2024. In the current attacks, they exploit security vulnerabilities in routers for which patches are available but have not been applied by many users.
The group has already infiltrated thousands of routers worldwide. The affected devices redirect legitimate website requests, allowing the hackers to capture credentials unnoticed. TP-Link devices, which are particularly vulnerable to these attacks, are a particular target.
Protective Measures Against Hacker Attacks
The Federal Office for the Protection of the Constitution has identified 30 vulnerable TP-Link routers in Germany and informed their owners. Users of TP-Link routers should take some precautions to protect themselves from such attacks.
- Firmware Update: Log in to your router and perform a firmware update to close known security gaps.
- Replace outdated devices: If no updates are available, it is advisable to replace the device.
- Disable remote access: Disable the remote maintenance function if your router’s admin interface is reachable from the internet.
- Take certificate errors seriously: If you receive certificate errors when accessing websites, close the page immediately and do not log in.
- Change passwords: If errors occur after entering credentials, change the affected passwords immediately.
- Reset the router: If you suspect a hacker attack, reset your router to factory settings and install all available updates.