Russian APT28 Hijacks Routers for Widespread Cyber Espionage


The UK's National Cyber Security Centre (NCSC) has issued a critical warning regarding a sophisticated cyber campaign by the Russian state-sponsored group APT28, attributed to the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Centre (GTsSS), Military Unit 26165. Since at least 2024, APT28 has been exploiting vulnerabilities in network routers to hijack internet traffic and conduct espionage against unsuspecting victims.

The core of this attack involves compromising vulnerable routers to manipulate their DHCP (Dynamic Host Configuration Protocol) and DNS (Domain Name System) settings. DHCP is how a router tells each device joining the network which IP address to use, which gateway to send traffic through and, crucially, which DNS servers to query; by altering the DHCP configuration, attackers can hand out DNS server addresses pointing at their own infrastructure. Alternatively, by changing the router's own upstream DNS settings, they redirect every name lookup that passes through the router to servers under their control. Either way the attacker decides which IP address a victim connects to for any domain name, so connections can be steered to attacker-controlled hosts for interception, monitoring and manipulation. This is not a change to IP routing in the strict sense, but because almost every connection begins with a DNS lookup, control of name resolution gives the attacker leverage over the victim's traffic as a whole.
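The DHCP side of the technique is easiest to see on the wire. The following is an added example, not code from the NCSC advisory or from the article: it parses the option section of a DHCP reply, extracts the advertised DNS servers (option 6) and default gateway (option 3), and flags values that do not match what the network owner expects. The expected resolver set, the LAN prefix and both sample DHCPOFFER packets are constructed here for illustration (the 203.0.113.0/24 address is the documentation range TEST-NET-3, standing in for attacker infrastructure).

```python
import ipaddress
from typing import Dict, Iterable, List

DHCP_MAGIC = b"\x63\x82\x53\x63"   # magic cookie that follows the 236-byte BOOTP header
OPT_PAD, OPT_ROUTER, OPT_DNS, OPT_MSG_TYPE, OPT_END = 0, 3, 6, 53, 255


def parse_dhcp_options(packet: bytes) -> Dict[int, bytes]:
    """Return {option_code: value} for the TLV options of a BOOTP/DHCP packet."""
    if len(packet) < 240 or packet[236:240] != DHCP_MAGIC:
        raise ValueError("not a DHCP packet (bad length or magic cookie)")
    opts: Dict[int, bytes] = {}
    i = 240
    while i < len(packet):
        code = packet[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(packet):
            raise ValueError("truncated option header")
        length = packet[i + 1]
        value = packet[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        # RFC 3396: an option repeated in several TLVs is one concatenated value
        opts[code] = opts.get(code, b"") + value
        i += 2 + length
    return opts


def ipv4_list(raw: bytes) -> List[str]:
    """Decode an option value that is a list of packed IPv4 addresses."""
    if len(raw) % 4:
        raise ValueError("IPv4 list option length is not a multiple of 4")
    return [str(ipaddress.IPv4Address(raw[j:j + 4])) for j in range(0, len(raw), 4)]


def audit_offer(packet: bytes, expected_dns: Iterable[str], lan_net: str) -> List[str]:
    """Report DNS servers and gateways in a DHCP reply that the network owner did not configure."""
    opts = parse_dhcp_options(packet)
    expected = set(expected_dns)
    findings = []
    for server in ipv4_list(opts.get(OPT_DNS, b"")):
        if server not in expected:
            findings.append(f"unexpected DNS server {server}")
    for gw in ipv4_list(opts.get(OPT_ROUTER, b"")):
        if ipaddress.IPv4Address(gw) not in ipaddress.ip_network(lan_net):
            findings.append(f"default gateway {gw} outside {lan_net}")
    return findings


def build_offer(yiaddr: str, router: str, dns_servers: List[str]) -> bytes:
    """Build a minimal DHCPOFFER (constructed sample input, not a captured packet)."""
    hdr = bytearray(236)
    hdr[0], hdr[1], hdr[2] = 2, 1, 6          # BOOTREPLY, Ethernet, 6-byte hardware address
    hdr[4:8] = b"\x39\x03\xf3\x26"            # transaction id (arbitrary)
    hdr[16:20] = ipaddress.IPv4Address(yiaddr).packed
    opts = bytes([OPT_MSG_TYPE, 1, 2])        # message type 2 = DHCPOFFER
    opts += bytes([OPT_ROUTER, 4]) + ipaddress.IPv4Address(router).packed
    dns = b"".join(ipaddress.IPv4Address(d).packed for d in dns_servers)
    opts += bytes([OPT_DNS, len(dns)]) + dns + bytes([OPT_END])
    return bytes(hdr) + DHCP_MAGIC + opts


# Constructed scenario: the router should advertise itself (192.168.1.1) as the only resolver.
EXPECTED_DNS = {"192.168.1.1"}
LAN_NET = "192.168.1.0/24"
CLEAN_OFFER = build_offer("192.168.1.20", "192.168.1.1", ["192.168.1.1"])
# Same router after its DHCP configuration was altered: an off-network resolver is listed first,
# so clients query it before the legitimate one.
HIJACKED_OFFER = build_offer("192.168.1.20", "192.168.1.1", ["203.0.113.53", "192.168.1.1"])

if __name__ == "__main__":
    for name, pkt in (("clean", CLEAN_OFFER), ("hijacked", HIJACKED_OFFER)):
        print(name, audit_offer(pkt, EXPECTED_DNS, LAN_NET) or "ok")
```

In practice the packet bytes would come from a capture of DHCP traffic on the LAN (UDP port 67/68); the same check applies whether the bogus option 6 comes from a compromised router or from a rogue DHCP server, and a resolver outside the expected set is the indicator worth alerting on. The router's own upstream DNS configuration has to be inspected separately through its management interface, since that path is invisible to clients.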


The primary benefit for the attackers is the ability to conduct pervasive surveillance and intelligence gathering. By routing traffic through their servers, they can covertly observe online activities, identify sensitive communications, and potentially harvest credentials or other valuable data without direct interaction with individual victim devices. This method offers a persistent and stealthy way to maintain access and collect information on a broad scale.

For victims, the risks are substantial and far-reaching. Users connected to a compromised router face an elevated threat of data theft, particularly login credentials for online services, as connections can be redirected to spoofed websites or intercepted directly. The integrity of their online communications is undermined, leaving them exposed to man-in-the-middle attacks, malware injection and serious privacy breaches. Because the attack targets the foundational network infrastructure rather than individual endpoints, it is difficult for end-users to detect and affects every device connected to the compromised router. The practical checks are to compare the DNS servers that devices receive from the router with the values the network owner configured, to review the router's own upstream DNS settings, and to keep router firmware patched so that the vulnerabilities used for the initial compromise are closed. This NCSC warning underscores the ongoing threat posed by state-backed groups leveraging critical network components for strategic espionage.

(Source: https://www.helpnetsecurity.com/2026/04/07/russian-hackers-router-hijacking-dns-credential-theft/)
