MSS: Foreign spies use domestic routers as stepping stones to carry out targeted cyber espionage

Recently, the Ministry of State Security revealed that national security authorities had discovered foreign espionage agencies controlling multiple routers within China and using them to send targeted “spear-phishing emails” to personnel at key organizations. These emails appeared to be invitation letters for evaluations or notices about unpaid fines. When recipients clicked the links and entered their passwords on counterfeit login pages, they received an error message stating “incorrect password,” prompting them to enter it again, which allowed the attackers to obtain valid credentials. Users were then redirected to legitimate websites so that they would feel safe. Once they had gained access, the attackers periodically logged in to victims’ mailboxes to steal sensitive information. Most router owners remained unaware of the intrusion; they only noticed slower internet speeds, frequent disconnections, or unexpected reboots. The authorities have advised affected individuals to secure their email accounts and conduct technical inspections on compromised routers.
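The periodic mailbox access described above is something a mail administrator can look for in authentication logs. The following is an added example, not part of the Ministry's notice: the log format, the per-user baseline of known source IPs, the thresholds, and all sample lines are constructed assumptions. It flags successful logins from addresses outside a user's baseline that recur at near-constant intervals.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log (format assumed): timestamp mailbox source_ip result
SAMPLE_LOG = """\
2024-05-01T02:00:05 alice 198.51.100.7 OK
2024-05-01T08:14:52 alice 203.0.113.10 OK
2024-05-01T09:00:00 carol 192.0.2.99 OK
2024-05-01T09:30:00 carol 192.0.2.99 OK
2024-05-02T02:01:10 alice 198.51.100.7 OK
2024-05-02T11:03:27 bob 192.0.2.55 OK
2024-05-02T11:05:00 bob 198.51.100.7 FAIL
2024-05-03T01:59:40 alice 198.51.100.7 OK
2024-05-03T18:00:00 carol 192.0.2.99 OK
2024-05-04T02:00:20 alice 198.51.100.7 OK
"""

# Assumed per-user baseline of source IPs seen in normal use.
BASELINE = {"alice": {"203.0.113.10"}, "bob": {"203.0.113.20"},
            "carol": {"203.0.113.30"}}

def periodic_foreign_logins(log, baseline, min_logins=3, max_cv=0.1):
    """Return {(mailbox, ip): mean interval in seconds} for successful logins
    from non-baseline IPs that recur at near-constant intervals."""
    seen = defaultdict(list)
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] != "OK":
            continue  # skip malformed lines and failed logins
        ts, user, ip, _ = parts
        if ip not in baseline.get(user, set()):
            seen[(user, ip)].append(datetime.fromisoformat(ts))
    hits = {}
    for key, times in seen.items():
        if len(times) < min_logins:
            continue  # one-off logins (travel, new device) are not periodic
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        # Coefficient of variation: a low value means evenly spaced logins.
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            hits[key] = avg
    return hits

if __name__ == "__main__":
    for (user, ip), gap in periodic_foreign_logins(SAMPLE_LOG, BASELINE).items():
        print(f"{user}: recurring access from {ip} every ~{gap / 3600:.1f} h")
```

A hit is a lead for review rather than proof of compromise, since legitimate mail clients on a new network also poll on a schedule.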

According to the Ministry, vulnerable routers typically exhibit two characteristics: first, they are older models or products whose manufacturers no longer provide updates, leaving their firmware outdated; second, their management interfaces often rely on weak or default passwords, or have risky features such as remote administration enabled. Recommendations include purchasing routers from reputable brands still under active support, setting strong passwords for both management panels and Wi-Fi networks and changing them regularly, disabling nonessential functions like remote control, and restoring factory settings if abnormal behavior occurs. Anyone who suspects activities endangering national security may call 12339 or visit www.12339.gov.cn to report it.

Ministry of State Security