Russian Hackers Exploit Router Flaws to Steal Microsoft Office Authentication Tokens — How to Identify & Stay Safe

INDIA — By BharatSecure Threat Intelligence Team

Severity: HIGH

Beware in 2026: Russian Hackers Exploit Router Flaws to Steal Microsoft Office Authentication Tokens — A Growing Cyber Threat in India

Russian hackers are targeting vulnerable internet routers in Indian homes and businesses to steal Microsoft Office 365 authentication tokens, putting sensitive personal and work data at grave risk.

What Is the Russian Hackers Exploit Router Flaws to Steal Microsoft Office Authentication Tokens Scam?

This sophisticated phishing scam involves cybercriminals exploiting known security vulnerabilities in older internet routers commonly used across Indian households and small businesses. By breaching these routers, hackers manipulate DNS (Domain Name System) settings, redirecting users’ web traffic through malicious servers under their control. This silent interception allows attackers to steal Microsoft Office 365 authentication tokens—digital keys granting access to email, documents, contacts, and cloud storage.

India’s rapidly expanding internet user base, especially in dense urban centres like Mumbai, Delhi, Bengaluru, and Hyderabad, relies heavily on affordable routers that may not receive timely security updates. Cybercriminals specifically target these devices because, once inside, they can operate undetected and extract sensitive information from millions of Office 365 account holders, including corporate employees, freelancers, and students.

The Indian Computer Emergency Response Team (CERT-In) and the Indian government’s Integrated Cyber Crime Coordination Centre (I4C) have issued periodic advisories warning about router vulnerabilities and advanced phishing tactics. While the Reserve Bank of India (RBI) has not specifically mentioned this scam, its general guidelines on safeguarding digital transactions apply since stolen credentials could facilitate financial fraud via connected apps like UPI or linked bank accounts.

How This Scam Works — Step by Step

  1. Target Selection via Router Vulnerabilities
    Hackers scan the internet for routers with outdated firmware or weak passwords, often older models widely used in Indian homes and small offices.

  2. Router Compromise & DNS Hijacking
    Once the router is accessed, attackers change its DNS settings to redirect internet traffic through their controlled servers without alerting the user.

  3. User Logs into Microsoft Office 365
    When the victim opens Office 365 services (Outlook, OneDrive, Teams), their login requests are intercepted.

  4. Authentication Token Theft
    The attacker silently captures authentication tokens that the system uses to verify the user without prompting for passwords again.

  5. Unauthorized Access & Data Theft
    Using these tokens, hackers access emails, business documents, contact lists, and cloud files.

  6. Further Fraud Attempts
    Attackers may use stolen Office accounts to conduct spear-phishing on contacts, request fraudulent payments via UPI or online banking, or commit identity theft by exploiting data like Aadhaar-linked email addresses.

Real Warning Signs to Watch For

What Happens to Victims

Victims often suffer serious financial and emotional consequences. Because stolen Office 365 tokens give attackers access to work emails and contacts, they can impersonate victims to request UPI transactions or bank transfers, leading to rapid monetary losses that are hard to reverse due to India’s current UPI dispute resolution limits.

Sensitive personal data like Aadhaar-linked emails can be harvested for identity fraud or SIM swap attacks, intensifying risks of account takeovers and unauthorized access to government or financial services.

Victims frequently report feelings of violation, stress, and helplessness while navigating slow law enforcement processes or RBI’s banking grievance redressal mechanisms.

What RBI and CERT-In Say

While there is no RBI advisory specifically on stolen Microsoft authentication tokens, RBI’s cyber fraud helpline (1860 180 1947) and its cybersecurity guidelines emphasize securing all digital IDs, using multi-factor authentication, and reporting promptly.

CERT-In regularly alerts users about the dangers of outdated router firmware and advises users to change default passwords and keep routers updated to block DNS hijacking attempts.

The I4C under the Ministry of Home Affairs encourages victims to report cybercrimes via cybercrime.gov.in or by calling the national cybercrime helpline 1930 for swift assistance.

How to Protect Yourself

  1. Update Your Router Firmware Regularly — Check manufacturers’ websites for patches and install them promptly.
  2. Change Default Router Passwords to Strong, Unique Ones — Avoid passwords like “admin123” or “password.”
  3. Enable Two-Factor Authentication (2FA) on Microsoft Office 365 Accounts — This adds an extra layer of protection beyond tokens.
  4. Verify Your Router's DNS Settings — Look for unusual IP addresses; reset to default if unsure.
  5. Use Security Software That Can Detect DNS Hijacking — Many Indian antivirus apps now include this feature.
  6. Monitor Microsoft Account Activity — Regularly check login history for unknown devices or locations.
  7. Educate Family and Colleagues About Phishing Risks — Cybercriminals often exploit social engineering after initial breaches.
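The two DNS checks behind step 4, as an added example (not BharatSecure's code): a resolver allowlist and the sample addresses are constructed placeholders, and the per-resolver answer sets are assumed to be gathered separately (for instance with `nslookup <host> <resolver>`) and passed in.

```python
# Added example, not BharatSecure's code. The allowlist and sample data are
# constructed placeholders; replace them with your own values.
import ipaddress
from typing import Dict, List
# Assumption: the public resolvers you deliberately use. A resolver on the LAN
# (normally the router itself) is always accepted.
TRUSTED_RESOLVERS = {"1.1.1.1", "8.8.8.8", "9.9.9.9"}
LAN_RANGES = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def parse_resolv_conf(text: str) -> List[str]:
    """Return the nameserver addresses in /etc/resolv.conf-style text."""
    servers = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers

def suspicious_resolvers(servers: List[str]) -> List[str]:
    """Resolvers neither on the LAN nor allowlisted: a hijacked router can push
    an attacker-controlled public resolver to clients via DHCP."""
    flagged = []
    for s in servers:
        try:
            ip = ipaddress.ip_address(s)
        except ValueError:
            flagged.append(s)
            continue
        if str(ip) not in TRUSTED_RESOLVERS and not any(ip in n for n in LAN_RANGES):
            flagged.append(s)
    return flagged

def mismatched_hosts(router: Dict[str, List[str]],
                     trusted: Dict[str, List[str]]) -> List[str]:
    """Hostnames whose A records from the router's resolver share no address with
    a trusted resolver queried directly (e.g. `nslookup <host> 1.1.1.1`); catches a
    router that answers clients itself but forwards to an attacker's upstream. Microsoft
    endpoints return several addresses, so overlap is compared; a hit means investigate."""
    return sorted(h for h, ips in router.items()
                  if not set(ips) & set(trusted.get(h, [])))

# Constructed sample inputs (TEST-NET addresses) for a stand-alone run.
SAMPLE_RESOLV_CONF = "nameserver 192.168.1.1\nnameserver 203.0.113.53  # unexpected\n"
ROUTER_ANSWERS = {"login.microsoftonline.com": ["203.0.113.10"],
                  "outlook.office365.com": ["198.51.100.7", "198.51.100.8"]}
TRUSTED_ANSWERS = {"login.microsoftonline.com": ["198.51.100.20", "198.51.100.21"],
                   "outlook.office365.com": ["198.51.100.8"]}
if __name__ == "__main__":
    print("suspicious resolvers:", suspicious_resolvers(parse_resolv_conf(SAMPLE_RESOLV_CONF)))
    print("mismatched answers:", mismatched_hosts(ROUTER_ANSWERS, TRUSTED_ANSWERS))
```

The first check only sees what the router hands to clients, so run the second one as well: a router that still answers on its LAN address but forwards to a rogue upstream passes the first check and fails the second.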

What to Do If You’ve Been Targeted

Frequently Asked Questions

Q1: Can hackers steal money directly from my bank through this scam?
Yes. While the scammers primarily steal Microsoft Office tokens, they can impersonate you to request UPI payments or send phishing emails asking for bank details, which can lead to unauthorized money transfers.

Q2: My router doesn’t show any signs of tampering. Can I still be at risk?
Yes. Many DNS hijacks do not cause noticeable router malfunctions. Checking DNS settings and monitoring account activity is crucial even when your internet seems fine.

Q3: Is enabling Two-Factor Authentication enough to protect my Office 365 account?
2FA significantly reduces risk but does not eliminate it. Updating your router, securing your network, and being vigilant about phishing attempts remain essential.


Stay alert and protect your digital life from such cyber threats. If you receive suspicious messages or detect unusual account behaviour, verify them immediately at BharatSecure.app — your trusted partner against online fraud.
