Attention: You are using an outdated browser, device or you do not have the latest version of JavaScript downloaded and so this website may not work as expected. Please download the latest software or switch device to avoid further issues.

News > Attacks & Threats > Russian State-Linked APT28 Exploits SOHO Routers in Global DNS Hijacking Campaign

Russian State-Linked APT28 Exploits SOHO Routers in Global DNS Hijacking Campaign

The Russia-linked threat actor known as APT28 (aka Forest Blizzard) has been linked to a new campaign that has compromised insecure MikroTik and TP-Link routers and modified their settings...
13 Apr 2026
Written by Gabi Gerber
Attacks & Threats

Featured

Hacking Topics, Security Operation Center

The Russia-linked threat actor known as APT28 (aka Forest Blizzard) has been linked to a new campaign that has compromised insecure MikroTik and TP-Link routers and modified their settings to turn them into malicious infrastructure under their control as part of a cyber espionage campaign since at least May 2025.

The large-scale exploitation campaign has been codenamed FrostArmada by Lumen's Black Lotus Labs, with Microsoft describing it as an effort to exploit vulnerable home and small office (SOHO) internet devices to hijack DNS traffic and enable passive collection of network data.

"Their technique modified DNS settings on compromised routers to hijack local network traffic to capture and exfiltrate authentication credentials," Black Lotus Labs said in a report shared with The Hacker News. More here

Similar Stories

Attacks & Threats

Bad Memories Still Haunt AI Agents

Cisco found and fixed a significant vulnerability in the way Anthropic handles memories, but experts warn that mishandled memory files will continue to threaten AI systems. More...
Every Old Vulnerability Is Now an AI Vulnerability

AI's danger isn't that it's creating new bugs, it's that it's amplifying old ones. More...
Google Fixes Critical RCE Flaw in AI-Based 'Antigravity' Tool

The prompt-injection vulnerability in the agentic AI product for filesystem operations was a sanitization issue that all… More...
Grafana AI Bug Leaks Data With Zero-Click Exploit

Chained Bypasses Exfiltrate Data Via Hidden AI Prompts More...
Critical MCP Integration Flaw Puts NGINX at Risk

Attackers can abuse the near-maximum severity flaw in nginx-ui to restart, create, modify, and delete NGINX configuratio… More...

Have your say

 

News Categories

Attacks & Threats

Bad Memories Still Haunt AI Agents

Cisco found and fixed a significant vulnerability in the way Anthropic handles memories, but experts warn that mishandled memory files will continue to threaten AI systems. More...
Every Old Vulnerability Is Now an AI Vulnerability

AI's danger isn't that it's creating new bugs, it's that it's amplifying old ones. More...
Google Fixes Critical RCE Flaw in AI-Based 'Antigravity' Tool

The prompt-injection vulnerability in the agentic AI product for filesystem operations was a sanitization issue that all… More...
Grafana AI Bug Leaks Data With Zero-Click Exploit

Chained Bypasses Exfiltrate Data Via Hidden AI Prompts More...
Critical MCP Integration Flaw Puts NGINX at Risk

Attackers can abuse the near-maximum severity flaw in nginx-ui to restart, create, modify, and delete NGINX configuratio… More...

Show more
image

Contact Us

Security Interest Group Switzerland
c/o Bridge Head AG
Sulzbergstrasse 34
5430 Wettingen
Switzerland

Quick Links

Terms
Contact Us
Privacy Policy
Newsletter

Follow Us

This website is powered by
ToucanTech