New, from me: Hackers linked to Russia’s military intelligence units are using known flaws in older Internet routers to mass harvest authentication tokens from Microsoft Office users, security experts warned today. The spying campaign allowed state-backed Russian hackers to quietly siphon authentication tokens from users on more than 18,000 networks without deploying any malicious software or code.

https://krebsonsecurity.com/2026/04/russia-hacked-routers-to-steal-microsoft-office-tokens/

@briankrebs
The article says that TLS was involved, but isn't it supposed to prevent that?
Just because they manipulate DNS that doesn't mean they have valid private keys of the domains involved? Or have they compromised a CA as well?
@Doomed_Daniel My sense is that at some point the user might get an alert -- however vague -- that something isn't right with a site's cert, but maybe not, or maybe it doesn't usually matter.
@briankrebs @Doomed_Daniel an alert pops up. You can see it using common MitM systems. Some home routers inject error messages to https when not connected to the Internet and it triggers a warning.
I sometimes get notified that Microsoft has revoked a certificate intermittently. I think they revoke certificates when they get a new one, but don’t manage to get the new one deployed to all gateways right away.

@drewdaniels @briankrebs
Good* to see that Microsoft's buggy software and overall incompetence hasn't only trained people to dismiss error messages in general, but even to ignore TLS errors specifically -_-

(*) by some definition of "good"

@briankrebs
ah ok, missed that second infographic, apparently users need to actively ignore TLS errors for this to work
@briankrebs good luck getting tokens from my Office 2007 edition ;-)
</smug and annoying>
@briankrebs I firmly believe that Google (and others) forcing TLS validation on everything, and also forcing shorter TLS lifespans, has contributed to training people to ignore TLS errors.
@briankrebs it's not just passwords, toothbrushes, and smoke detectors that need to be changed regularly.
@briankrebs coding on vibes, bruh
Artemis II Astronauts Have ‘Two Microsoft Outlooks’ and Neither Work

In space, no one can hear you scream at Microsoft’s legacy software.

404 Media
@briankrebs

Know what would be dandy? If, instead of (effectively) prohibiting consumers from buying new hardware, they would have, instead, forced all equipment makers to provide 5-10 years of security patches for all existing (and new) equipment.

@briankrebs

why do we never see posts about US or Israeli hacking?

there are two possibilities

1. they don't happen. ever. nope.

2. the reporters are propaganda puppets.

@briankrebs Please do not ignore SSL errors without consulting your IT. 🙈
Please!
@briankrebs the solution is to use two Outlooks.
@briankrebs Brian, your Forest Blizzard report is my reality. Case SIR23252176: I’m an NY small biz owner with 10yrs of data held by a thief. MS admits the theft but leaves a 'bot' in charge. Between token-theft & today's #BlueHammer zero-day, 'you own nothing' is a professional liability. Manually rescuing 3TB of data now to keep my clients safe. #Microsoft #SmallBusiness #Infosec
@Patrick_Cotter Wow, I thought my day was bad. Sorry to hear that dude.
@briankrebs Appreciate that, Brian. It’s been a surreal day of building beehives (literally) to stay sane while manually rescuing 3TB of data at 48MB/s. If a pro like you thinks it’s a mess, maybe MS will finally listen to the human in the loop. Certified mail goes to their legal team tomorrow. Case SIR23252176 for anyone at Redmond actually reading this. Though doubts remain high.
@Patrick_Cotter send me a note and lmk. briankrebs.07 on signal
@briankrebs and done! Will keep you updated there I suppose!

@briankrebs

"Commander Wiseman..?"

"What is it, Mission Control?"

"Um.."