At the beginning of April, Säpo revealed that the state-owned Chinese hacker group APT31 carried out extensive cyber attacks in the years 2020 and 2021. This with the help of completely ordinary consumer routers that were in the homes of unsuspecting Swedes.
There are usually two reasons why hackers want to infect routers, according to Karl Emil Nikka, IT security specialist and author.
– One reason is that attackers want to carry out overload attacks against Swedish websites and authorities, and then a large amount of internet connections are needed to be able to carry that out, he says.
Can spy on internet traffic
The reason Swedish routers are hijacked is to make it harder for the intended target to see where the connections are coming from. Thereby, the attacker reduces the risk that the victim will block internet traffic from that country in order to stop the cyber attack.
– If the traffic comes from Sweden, the website cannot block traffic from Sweden, because that would mean that all Swedes would suddenly be excluded from important websites and services they have the right to access, says Karl Emil Nikka, and continues:
– This method of attack is not in itself so harmful to you as an individual. In this case, it can be seen that you and your router are being exploited by the attackers in order for them to reach their goal. However, it is extremely serious at the societal level.
The other reason hackers want to infect routers may be to spy on internet traffic.
– Then it usually involves targeting interesting people, for example politicians and people in power.
See what vulnerabilities the hackers are looking for in the video above.