Russian Hackers Exploit Routers to Steal Microsoft Office Tokens
Hackers linked to Russian military intelligence exploited known vulnerabilities in older internet routers to steal authentication tokens from many Microsoft Office users. This spying campaign allowed state-backed actors to quietly siphon sensitive login data.
Russian Hackers Target Routers for Microsoft Office Tokens
Security experts have issued a warning regarding a sophisticated spying campaign attributed to hackers associated with Russia's military intelligence units. These state-backed actors are reportedly exploiting known vulnerabilities in older internet routers to conduct a mass harvesting of authentication tokens from Microsoft Office users.
Attack Details and Methodology
The core of this operation involves identifying and compromising outdated internet routers that contain known, unpatched security flaws. Once a router is breached, the attackers use that foothold to intercept traffic passing through it and siphon off authentication tokens. Because these tokens are what keep a user's session authenticated, an attacker who holds one can present it to Microsoft Office services as the user, without ever entering the password or completing a fresh login.
- Attacker Group: Linked to Russian military intelligence units.
- Target Vector: Known flaws in older internet routers.
- Stolen Data: Microsoft Office authentication tokens.
- Objective: Covert spying and unauthorized access to user accounts.
Implications of Stolen Authentication Tokens
Authentication tokens are highly valuable to attackers. With a valid token, an adversary can impersonate a legitimate user, gaining access to their emails, documents, and other cloud-based services without needing the user's password. This can lead to:
- Unauthorized access to sensitive corporate or personal data.
- Further lateral movement within an organization's network.
- Espionage and data exfiltration.
Recommendations for Users and Organizations
To mitigate the risks associated with such attacks, cybersecurity professionals recommend several key actions:
- Update Routers: Ensure all internet routers, especially older models, are running the latest firmware with all security patches applied. Consider replacing end-of-life hardware.
- Enable Multi-Factor Authentication (MFA): MFA requires a second verification step at sign-in, so a stolen password alone is not enough to open a session. A session token that has already been issued can still be replayed until it expires or is revoked, so pair MFA with prompt session revocation when compromise is suspected.
- Monitor Network Traffic: Regularly monitor network logs and user activity for suspicious patterns that might indicate compromise.
- Security Awareness Training: Educate users about phishing attempts and the importance of secure online practices.
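The "monitor user activity for suspicious patterns" advice above is easier to act on with a concrete rule. The script below is an added example, not code from the article or from Microsoft: it runs over constructed sign-in records (the field layout is an assumption) and flags a session token that reappears from a different source address or client shortly after the legitimate client last used it, which is the footprint a replayed token leaves.

```python
from datetime import datetime, timedelta

# Constructed sample sign-in records (timestamp, user, session_id, src_ip, user_agent).
# Not real telemetry; the field names are an assumption for this example.
EVENTS = [
    ("2026-04-01T08:00:00", "alice", "sess-1", "203.0.113.10", "Outlook/16.0"),
    ("2026-04-01T08:05:00", "alice", "sess-1", "203.0.113.10", "Outlook/16.0"),
    # Same session id two minutes later from a different network and client:
    ("2026-04-01T08:07:00", "alice", "sess-1", "198.51.100.7", "python-requests/2.31"),
    ("2026-04-01T09:00:00", "bob", "sess-2", "192.0.2.44", "Outlook/16.0"),
    # Address change after a long gap, same client: treated as ordinary roaming.
    ("2026-04-01T10:30:00", "bob", "sess-2", "192.0.2.45", "Outlook/16.0"),
]


def find_token_replay(events, window=timedelta(hours=1)):
    """Flag sessions whose token is presented from a different source IP or
    client than the one that established it, within `window` of the last
    legitimate-looking use. Returns one alert dict per suspicious event."""
    origin = {}     # session_id -> (src_ip, user_agent) of the first sighting
    last_seen = {}  # session_id -> timestamp of the most recent event
    alerts = []
    for ts_str, user, sess, ip, ua in sorted(events):
        ts = datetime.fromisoformat(ts_str)
        if sess not in origin:
            origin[sess] = (ip, ua)
            last_seen[sess] = ts
            continue
        orig_ip, orig_ua = origin[sess]
        changed = []
        if ip != orig_ip:
            changed.append("src_ip")
        if ua != orig_ua:
            changed.append("user_agent")
        # A context change shortly after the legitimate client was active is
        # the pattern a replayed token produces; a change after a long gap is
        # more likely roaming and is left to other rules.
        if changed and ts - last_seen[sess] <= window:
            alerts.append({"user": user, "session_id": sess, "at": ts_str,
                           "src_ip": ip, "user_agent": ua, "changed": changed})
        last_seen[sess] = ts
    return alerts


if __name__ == "__main__":
    for alert in find_token_replay(EVENTS):
        print(alert)
```

On the sample data only alice's session is flagged; bob's address change is outside the window and is ignored, which is the trade-off to tune against your own roaming patterns.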
Source
https://krebsonsecurity.com/2026/04/russia-hacked-routers-to-steal-microsoft-office-tokens/