Compromised Routers Turn Quiet Networks Into Token Theft Paths

A router can look ordinary and still become the most important device in a cyberattack. New reporting says Russia-linked hackers exploited older or poorly secured small-office and home-office routers, changed their DNS settings, and turned them into silent traffic guides. Instead of dropping flashy malware, they used the network itself to steer users toward attacker-controlled infrastructure.

What makes this stand out is the target: authentication tokens tied to Microsoft web services. Microsoft said Forest Blizzard used DNS hijacking and adversary-in-the-middle techniques against Outlook on the web–related domains, letting the attackers capture tokens after normal sign-in steps. That means even people who completed multi-factor authentication could still be exposed if the router in front of them had already been compromised.

The lesson is simple: a safe account also depends on a safe network path. Old routers, unsupported firmware, default settings, and delayed updates can open the door long before a person notices anything wrong. This story is a reminder to update router firmware, replace end-of-life gear, review DNS settings, and treat the router as part of personal and business security, not just the box that makes Wi-Fi work.
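One way to act on "review DNS settings" from a client machine, as an added example that is not part of the original reporting: parse a resolv.conf-style file and flag any resolver that is not on a list you expect. The sample file, the addresses, the LAN range and the expected-resolver list are all constructed assumptions.

```python
import ipaddress

# Constructed sample: resolv.conf text as a client might hold after DHCP.
SAMPLE_RESOLV_CONF = """\
# Generated by NetworkManager
search home.example
nameserver 192.168.1.1
nameserver 192.168.1.77
nameserver 203.0.113.53
options edns0
"""

# Assumptions: the resolvers you intend clients to use, and your LAN range.
EXPECTED_RESOLVERS = {"192.168.1.1", "9.9.9.9"}
LAN = "192.168.1.0/24"


def parse_nameservers(text):
    """Return the nameserver addresses listed in resolv.conf-style text."""
    servers = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            try:
                # Drop an IPv6 zone id such as %eth0 before parsing.
                servers.append(ipaddress.ip_address(parts[1].split("%")[0]))
            except ValueError:
                continue  # skip a malformed address
    return servers


def audit_resolvers(text, expected, lan):
    """List (address, reason) for every configured resolver not in `expected`."""
    allowed = {ipaddress.ip_address(a) for a in expected}
    lan_net = ipaddress.ip_network(lan)
    findings = []
    for ip in parse_nameservers(text):
        if ip in allowed:
            continue
        reason = "unexpected LAN host" if ip in lan_net else "outside LAN"
        findings.append((str(ip), reason))
    return findings


if __name__ == "__main__":
    for addr, reason in audit_resolvers(SAMPLE_RESOLV_CONF, EXPECTED_RESOLVERS, LAN):
        print(f"REVIEW {addr}: {reason}")
```

A client that points only at the router will show just the router's address here, so the router's own upstream DNS setting still has to be checked in its admin interface.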
