Russian Hackers Exploit Router Flaws for Microsoft Office Token Theft — How to Identify & Stay Safe

INDIA — By BharatSecure Threat Intelligence Team

Severity: HIGH

Beware in 2026: Russian Hackers Exploit Router Flaws to Steal Microsoft Office Tokens in India

Russian hackers are targeting outdated home and office routers across India to steal Microsoft Office credentials through a sneaky phishing attack with serious risks.

What Is the "Russian Hackers Exploit Router Flaws for Microsoft Office Token Theft" Scam?

This cybercrime scam involves Russian hackers—linked to the notorious APT28 group associated with Russian military intelligence—exploiting security flaws in older internet routers. Their main target is Microsoft Office users in homes and small offices who rely on routers with outdated firmware and weak security settings. In India, millions still use older router models that lack timely software updates or proper passwords, making them vulnerable.

By attacking routers, these hackers redirect internet traffic through servers they control. This lets them intercept Microsoft Office login tokens—digital keys that allow access without re-entering passwords. Once stolen, hackers can remotely access users’ Office 365 accounts and steal sensitive data like emails, documents, and cloud files. The scam exploits the growing work-from-home trend in India and dependence on cloud software for business and personal use.

Indian authorities like CERT-In (Computer Emergency Response Team-India) and I4C (Indian Cyber Crime Coordination Centre) have issued warnings about router and IoT device vulnerabilities, especially after a rise in similar attacks reported in 2025-2026. Though RBI hasn’t issued a direct advisory on this scam, its emphasis on secure digital transactions underscores the risks posed when foundational home network devices are compromised.

How This Scam Works — Step by Step

  1. Scanning for Vulnerable Routers: Hackers use automated tools to scan IP addresses in India, searching for routers with outdated firmware or default passwords commonly found in homes and small offices.

  2. Infecting the Router: Once a weak router is identified, the hackers exploit known vulnerabilities to take control. Victims are rarely alerted, because consumer routers offer little or no security logging or alerting.

  3. Man-in-the-Middle Attack Begins: The compromised router silently redirects web traffic related to Microsoft Office 365 login pages through the attacker’s servers.

  4. Office Token Theft: When the victim logs into Microsoft Office apps or Outlook, the hackers steal authentication tokens—digital keys that bypass the need for the password but grant full access.

  5. Phishing Emails Sent from the Compromised Account: To deepen access, attackers send phishing emails from the compromised account to the victim’s contacts, spreading malware or requesting sensitive information like Aadhaar details or UPI PINs.

  6. Data Theft and Misuse: Using stolen tokens, hackers access corporate secrets, personal files, and emails. They can even initiate fraudulent financial transactions if bank details or UPI credentials are exposed.

What Happens to Victims

Victims in India face serious consequences. Financially, stolen Microsoft Office tokens can lead to data breaches that expose Aadhaar-linked documents, PAN cards, or bank details saved in emails or cloud. Fraudsters then use this to initiate fake UPI transactions or SIM swap frauds, draining bank accounts in INR often before victims notice.

Emotionally, the stress of losing sensitive information and trust leads to fear and helplessness. Many small business owners and freelancers suffer lost income when client data or invoices accessed via Office accounts are compromised. Victims often must spend weeks resolving identity theft issues with banks, telecom operators, and government offices.

What RBI and CERT-In Say

While RBI’s main focus is financial transaction security, it advises users to secure all digital endpoints connected to banking and UPI apps. CERT-In has emphasized patching routers and smart devices immediately and issued alerts on supply chain attacks that include router compromises. The Indian Cyber Crime Coordination Centre (I4C) actively collaborates with telecom companies and internet service providers to track and block such threats.

If you suspect a cyberattack, CERT-In recommends reporting immediately via their official portals and contacting the 1930 Cybercrime helpline. RBI’s fraud helpline can assist if financial accounts linked to the scam are impacted.

How to Protect Yourself

  1. Update Router Firmware Regularly: Check your router manufacturer’s website and install the latest software patches to close security gaps.

  2. Change Default Router Passwords: Use strong, unique passwords that combine letters, numbers, and symbols.

  3. Disable Remote Management: Turn off remote access features unless absolutely necessary.

  4. Use Multi-Factor Authentication (MFA): Enable MFA on Microsoft Office accounts, UPI apps, and email services to add an extra security layer beyond tokens.

  5. Monitor Microsoft Office Account Activity: Regularly review the sign-in activity in your account settings for unexpected sign-in alerts, unfamiliar IP addresses, or locations you have never signed in from.

  6. Avoid Clicking Suspicious Links: Do not open emails or WhatsApp messages asking for personal details, especially financial data or Aadhaar numbers.

  7. Keep Antivirus and Firewall Active: Ensure your devices have updated security tools that can detect malicious traffic rerouted via your router.
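Step 5 above is the one an administrator can automate. The script below is an added example, not code from BharatSecure or Microsoft: it reads sign-in records modelled on the Microsoft Graph signIn fields (createdDateTime, userPrincipalName, ipAddress, location.countryOrRegion; an assumption, adjust the keys if your export differs), builds a per-user baseline of known IPs and countries from the period before a cutoff, and then flags sign-ins from a new country or new IP and "impossible travel" between two countries within a short window, which is what a replayed token from an attacker's server typically looks like. The sample records are constructed and use RFC 5737 documentation addresses.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample export (not real log data); field names follow the Graph signIn schema.
SAMPLE_SIGNINS = json.loads("""[
 {"createdDateTime":"2026-01-10T09:05:00Z","userPrincipalName":"priya@example.in",
  "ipAddress":"203.0.113.21","location":{"countryOrRegion":"IN","city":"Pune"}},
 {"createdDateTime":"2026-01-11T10:12:00Z","userPrincipalName":"priya@example.in",
  "ipAddress":"203.0.113.21","location":{"countryOrRegion":"IN","city":"Pune"}},
 {"createdDateTime":"2026-01-12T08:40:00Z","userPrincipalName":"priya@example.in",
  "ipAddress":"203.0.113.21","location":{"countryOrRegion":"IN","city":"Pune"}},
 {"createdDateTime":"2026-01-12T09:02:00Z","userPrincipalName":"priya@example.in",
  "ipAddress":"198.51.100.7","location":{"countryOrRegion":"DE","city":"Frankfurt"}},
 {"createdDateTime":"2026-01-12T09:30:00Z","userPrincipalName":"rahul@example.in",
  "ipAddress":"192.0.2.44","location":{"countryOrRegion":"IN","city":"Delhi"}}
]""")
CUTOFF = datetime(2026, 1, 12)  # sign-ins before this build the baseline; later ones are checked

def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")

def build_baseline(signins, before):
    """Per user: the IPs and countries seen in sign-ins before the cutoff."""
    base = defaultdict(lambda: {"ips": set(), "countries": set()})
    for r in signins:
        if parse_ts(r["createdDateTime"]) < before:
            base[r["userPrincipalName"]]["ips"].add(r["ipAddress"])
            base[r["userPrincipalName"]]["countries"].add(r["location"]["countryOrRegion"])
    return base

def find_anomalies(signins, cutoff, travel_window=timedelta(hours=2)):
    """Return (user, timestamp, reason) for sign-ins that deviate from the baseline."""
    baseline, findings, last_seen = build_baseline(signins, cutoff), [], {}
    for r in sorted(signins, key=lambda x: x["createdDateTime"]):
        user, ip = r["userPrincipalName"], r["ipAddress"]
        country, ts = r["location"]["countryOrRegion"], parse_ts(r["createdDateTime"])
        b = baseline.get(user)  # .get() does not create an entry for unknown users
        if ts >= cutoff and b:
            if country not in b["countries"]:
                findings.append((user, ts, "new country %s from %s" % (country, ip)))
            elif ip not in b["ips"]:
                findings.append((user, ts, "new IP %s" % ip))
        prev = last_seen.get(user)  # same user in two countries within the window
        if prev and prev[1] != country and ts - prev[0] <= travel_window:
            findings.append((user, ts, "impossible travel %s -> %s in %s" % (prev[1], country, ts - prev[0])))
        last_seen[user] = (ts, country)
    return findings

def run_sample():
    return find_anomalies(SAMPLE_SIGNINS, CUTOFF)

if __name__ == "__main__":
    for user, ts, reason in run_sample():
        print(ts.isoformat(), user, reason)
```

A user with no baseline (rahul above) produces no finding; treat first-ever sign-ins as a separate review queue rather than silently trusting them.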

Frequently Asked Questions

Q: How can hackers steal Microsoft Office tokens just by hacking my router?
A: They redirect your internet traffic through their servers, intercepting authentication tokens during login. Tokens let hackers bypass passwords and access your account directly.

Q: Does this scam only affect businesses?
A: No, it targets home users too. Many home routers in India remain outdated and unsecured, so anyone using Microsoft Office behind such a router is exposed.

Q: Can RBI help if my UPI account is drained because of this?
A: Yes, RBI’s grievance redressal system and toll-free helpline assist users in reporting unauthorized transactions and facilitate reversals where possible.


Stay alert and protect your digital world. If you receive suspicious messages or notice strange activity on your accounts, verify immediately at BharatSecure.app to keep your data and money safe.
