UK exposes Russian military intelligence hijacking vulnerable routers for cyber attacks — How to Identify & Stay Safe

INDIA — By BharatSecure Threat Intelligence Team

Severity: Critical

UK Exposes Russian Military Intelligence Hijacking Vulnerable Routers for Cyber Attacks in India — 2026 Phishing Alert

This 2026 cyber threat involves alleged Russian military intelligence exploiting insecure home and office routers, targeting Indian internet users for phishing and cyber espionage.

What Is the UK Exposes Russian Military Intelligence Hijacking Vulnerable Routers for Cyber Attacks?

Reports from UK cyber authorities reveal a critical cyber espionage scheme where alleged Russian military intelligence operatives hijack poorly secured routers to launch phishing attacks and sophisticated cyber intrusions. The scam primarily exploits vulnerabilities in consumer and small office network routers that lack recent security patches and strong passwords.

In India, where rapid internet adoption has led to millions using home broadband and small business routers, this threat is particularly relevant. Many routers sold and deployed in Indian households remain vulnerable due to outdated firmware or default credentials, exposing not just individual users but also business networks to risk. CERT-In, India’s official cybersecurity agency, has flagged similar router-targeted tactics in past advisories, emphasizing the need for prompt patching and secure configurations.

This phishing-related cyber attack leverages hijacked routers to reroute web traffic and inject fake login pages, stealing sensitive credentials like UPI PINs, Aadhaar-linked authentication details, and banking passwords. While the exact number of affected Indian users is unavailable, growing reports to cybercrime.gov.in and the 1930 cybercrime helpline indicate rising incidents.

How This Scam Works — Step by Step

  1. Router Hijacking: Scammers allegedly exploit weak or default router passwords or unpatched firmware to gain remote control of the victim’s router.

  2. Traffic Redirection: Once in control, the attacker manipulates the router’s Domain Name System (DNS) settings to redirect traffic to fake websites mimicking genuine Indian services like UPI apps, Aadhaar portals, or online banking platforms.

  3. Phishing Page Display: When victims attempt to log in to their regular financial or government service sites, they are silently directed to counterfeit websites crafted to harvest login credentials and OTPs.

  4. Credential Capture: Victims unknowingly enter their sensitive data on these fake pages. Attackers immediately use this information to access accounts, initiate fraudulent transactions, or even request UPI reversals.

  5. SIM Swap and Identity Misuse: In some instances, attackers use stolen Aadhaar details for SIM swap scams, gaining control over mobile numbers to intercept OTPs, deepening the financial loss.

  6. Money Drain: Using the harvested credentials, attackers transfer funds from victims' bank accounts via UPI or other channels, often in small amounts spread over multiple transactions to avoid detection.

Real Warning Signs to Watch For

What Happens to Victims

Victims of this router hijacking phishing scam can suffer significant financial losses. Funds may be silently drained from their bank accounts through UPI or net banking, often before they realize the credentials have been compromised. UPI transaction reversals are difficult once the attacker controls the linked mobile or authenticator apps.

Beyond the financial blow, victims face emotional distress from identity misuse and privacy invasion, especially when Aadhaar details are involved. Unauthorized SIM swaps can lock them out of essential services or lead to further phishing calls claiming to be from legitimate institutions. The ripple effect can disrupt everyday life and cause long-lasting distrust in digital services among Indian users.

What RBI and CERT-In Say

The Reserve Bank of India (RBI) has long warned about the risks of phishing and unauthorized access to digital payment systems like UPI. Its advisories urge users to secure devices and avoid sharing OTPs or PINs.

CERT-In has issued guidelines emphasizing router security, recommending changing default passwords, regularly updating firmware, and monitoring network activity to detect anomalies. The Ministry of Home Affairs’ Indian Cyber Crime Coordination Centre (I4C) also encourages users to report cybercrime promptly via the 1930 helpline and cybercrime.gov.in.

Together, these agencies underline the importance of securing home and office networks against these evolving threats and encourage vigilance, especially given the critical role routers play as gateways to the internet.

How to Protect Yourself

  1. Change Router Default Passwords Immediately: Use strong, unique passwords for router access, avoiding common phrases or default settings.

  2. Update Router Firmware Regularly: Check your device manufacturer’s website or app to install security patches promptly.

  3. Disable Remote Management: Turn off remote router administration features unless absolutely necessary.

  4. Use Secure DNS Services: Consider configuring a trusted DNS service, such as those recommended by CERT-In or RBI, to avoid malicious redirection.

  5. Never Enter Credentials on Suspicious Links: Always verify the URL before entering UPI PINs, Aadhaar information, or bank passwords.

  6. Monitor Bank and UPI Transactions Frequently: Set transaction alerts and report any unauthorized activity immediately.

  7. Secure Your Aadhaar Details: Avoid sharing Aadhaar-linked OTPs and use UIDAI’s official channels for authentication only.
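
An added example (not from the original article or from BharatSecure) of checking for the DNS redirection described in step 2 of "How This Scam Works" and addressed by protection step 4: it queries one chosen resolver directly, using only the Python standard library, and compares its A-record answers with those of a reference resolver. The function names and the addresses mentioned in the comments are assumptions made for illustration.

```python
import ipaddress, secrets, socket, struct

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def build_query(name, txid):
    """Encode a recursive DNS A-record query (RFC 1035) for `name`."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    return struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack(">HH", 1, 1)

def skip_name(msg, off):
    """Return the offset just past a name made of labels and/or a compression pointer."""
    while msg[off] & 0xC0 != 0xC0 and msg[off] != 0:
        off += 1 + msg[off]
    return off + (2 if msg[off] & 0xC0 == 0xC0 else 1)

def parse_a_records(msg, txid):
    """Return the set of IPv4 addresses in the answer section of a DNS response."""
    rid, flags, qdcount, ancount = struct.unpack(">HHHH", msg[:8])
    if rid != txid or not flags & 0x8000:
        raise ValueError("not a response to our query")
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4            # skip QTYPE and QCLASS
    ips = set()
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if (rtype, rclass, rdlen) == (1, 1, 4):  # A record, class IN
            ips.add(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen                             # CNAME and other types are skipped
    return ips

def resolve_via(resolver_ip, name, timeout=3.0):
    """Ask one specific resolver (e.g. the router's LAN address) for `name` over UDP."""
    txid = secrets.randbits(16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, txid), (resolver_ip, 53))
        return parse_a_records(s.recvfrom(4096)[0], txid)

def redirect_findings(router_ips, reference_ips):
    """Return reasons the router's answer looks redirected; an empty list means no finding."""
    findings = []
    addrs = [ipaddress.ip_address(ip) for ip in router_ips]
    if any(a.is_loopback or any(a in n for n in RFC1918) for a in addrs):
        findings.append("public name resolves to a private or loopback address")
    if router_ips and reference_ips and not router_ips & reference_ips:
        findings.append("no address in common with the reference resolver")
    return findings
# Usage (assumed addresses): redirect_findings(resolve_via("192.168.1.1", name),
#                                              resolve_via("<trusted resolver IP>", name))
```

Names served from content delivery networks can legitimately return different addresses from different resolvers, so a "no address in common" finding is a prompt to inspect the router's DNS settings rather than proof of compromise.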

What to Do If You've Been Targeted

Frequently Asked Questions

Q1: How can attackers hijack my router without physical access?
Attackers exploit weak or default passwords and unpatched firmware vulnerabilities that allow remote login to your router’s admin interface. Without proper security, they can change settings from anywhere in the world.

Q2: Why is my UPI app asking for OTP repeatedly after this hack?
Because attackers alter DNS settings, your UPI app tries to authenticate over fake login pages, causing repeated OTP requests. This is a sign your internet traffic is being intercepted.

Q3: Can changing my Aadhaar-linked mobile number prevent this scam?
While changing your mobile number can reduce SIM swap risk, securing your router and personal credentials is critical. Avoid sharing OTPs or Aadhaar details outside official channels.

Verify suspicious messages and URLs at BharatSecure.app and report cyber fraud immediately by calling 1930.

Disclaimer: This article describes a pattern of fraud reported in public sources for public-safety awareness. It is not legal, financial, or medical advice. To request correction or removal of any content, write to hello@bharatsecure.app.
