Russian State-Linked APT28 Exploits SOHO Routers in Global DNS Hijacking Campaign

6 days ago [email protected] (The Hacker News)
Russian State-Linked APT28 Exploits SOHO Routers in Global DNS Hijacking Campaign


The Russia-linked threat actor known as APT28 (aka Forest Blizzard) has been linked to a new campaign that has compromised insecure MikroTik and TP-Link routers and modified their settings to turn them into malicious infrastructure under their control as part of a cyber espionage campaign since at least May 2025.
The large-scale exploitation campaign has been codenamed 

The post “Russian State-Linked APT28 Exploits SOHO Routers in Global DNS Hijacking Campaign” appeared first on The Hacker News

Source:The Hacker News – [email protected] (The Hacker News)

Tags: ,

More Stories

GlassWorm Campaign Uses Zig Dropper to Infect Multiple Developer IDEs

3 days ago [email protected] (The Hacker News)

Browser Extensions Are the New AI Consumption Channel That No One Is Talking About

3 days ago [email protected] (The Hacker News)

The Hidden Security Risks of Shadow AI in Enterprises

4 days ago [email protected] (The Hacker News)

[Webinar] How to Close Identity Gaps in 2026 Before AI Exploits Enterprise Risk

6 days ago [email protected] (The Hacker News)

ThreatsDay Bulletin: Pre-Auth Chains, Android Rootkits, CloudTrail Evasion & 10 More Stories

2 weeks ago [email protected] (The Hacker News)

Block the Prompt, Not the Work: The End of "Doctor No"

2 weeks ago [email protected] (The Hacker News)