New, from me: Hackers linked to Russia’s military intelligence units are using known flaws in older Internet routers to mass harvest authentication tokens from Microsoft Office users, security experts warned today. The spying campaign allowed state-backed Russian hackers to quietly siphon authentication tokens from users on more than 18,000 networks without deploying any malicious software or code.

https://krebsonsecurity.com/2026/04/russia-hacked-routers-to-steal-microsoft-office-tokens/

@briankrebs
The article says that TLS was involved, but isn't it supposed to prevent that?
Just because they manipulate DNS, that doesn't mean they have valid private keys of the domains involved? Or have they compromised a CA as well?
@briankrebs
Ah ok, missed that second infographic; apparently users need to actively ignore TLS errors for this to work.

@Doomed_Daniel
And Microsoft users seem to be trained by regular Microsoft behaviour to ignore TLS certificate errors.

Slowly claps hands. Well done Microsoft.

@briankrebs