Russia Hacked Routers to Steal Microsoft Office Tokens

[Condobloke]

Krebs on Security has posted a new item.

Hackers linked to Russia's military intelligence units are using known flaws
in older Internet routers to mass harvest authentication tokens from Microsoft
Office users, security experts warned today. The spying campaign allowed
state-backed Russian hackers to quietly siphon authentication tokens from
users on more than 18,000 networks without deploying any malicious software or
code.

Russia Hacked Routers to Steal Microsoft Office Tokens – Krebs on Security

 

[KGIII]

I haven't kept count, but I've mentioned this exact problem many times.

This is one of those instances where I think open source could help. Granted, they're using some open source components (many run a light version of Linux). They're just not sharing any modifications they're making and any code they're adding on top of that.

It has been shown that many router makers do not keep them updated for any reasonable length of time.

We have a slowly growing movement called the 'Right to Repair'. This is an example of why that's a good idea.