DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
My 2860ac got infected
10 Dec 2015 20:13 #84920
by dlangham
Replied by dlangham on topic Re: My 2860ac got infected
This could possibly be DNS poisoning associated with a man-in-the-middle attack. This would either have to be executed by someone on the same network, or even by an evil AP where a deauth packet has been sent (this is assuming wireless was being used at the time). This would also explain why the problem goes away when switching out the routers, because the other router could be on a different subnet to the original poisoning attack. Just a thought.
14 Dec 2015 23:37 #84936
by macavity
Replied by macavity on topic Re: My 2860ac got infected
Log into the DrayTek and check that remote management hasn't been left enabled by mistake. If it's been left enabled, and the router's admin password is still the default, so that anyone connecting to the WAN IP could change the router settings, then it's possible that the router's DNS settings could have been changed by someone logging into the web interface remotely.
Go to [LAN] >> [General Setup] and look at the "Details Page" for LAN1, or any other LAN that's been enabled, and check the LAN DNS Settings. Those settings should likely be blank or set to IP addresses you recognise. If they're set to 8.8.8.8 and 8.8.4.4 then that's Google DNS. (OpenDNS is 208.67.222.222 & 208.67.220.220.) But if they're set to something you don't know, or didn't set, then I'd recommend immediately checking the [System Maintenance] > [Management] menu and making sure that "Allow management from the Internet" is not enabled. If it is, then disable it and reboot the router. Then remove the DNS settings and set them to the DNS server you'd like to use.
If you have found settings on the router that you definitely didn't set, then a good choice could be to factory reset (remote mngt is not enabled by default) and set up the router again (you will need to know the settings for your ISP to get internet access again), or carefully check the VPN settings to ensure that no VPN profiles have been set up without your knowledge.
Check with support for advice, if in doubt.