APT28 Exploits Vulnerable Routers for DNS Hijacking Attacks
Severity: High (Score: 72.5)
Sources: Ncsc.Uk
Summary
The UK has issued a new advisory regarding Russian cyber threat group APT28, which has been exploiting vulnerable routers to conduct DNS hijacking operations. This method allows the adversary to perform man-in-the-middle attacks, leading to the theft of passwords and authentication tokens from affected users. The advisory indicates that these attacks target edge devices, which are critical components in network infrastructure. Organizations using susceptible routers are at risk, as the exploitation can facilitate broader malicious operations. While specific CVEs were not mentioned, the advisory emphasizes the urgent need for affected entities to assess their network security. The current status highlights an active threat landscape with potential ongoing exploitation. Security professionals are urged to remain vigilant and implement necessary security measures to mitigate risks.
Key Points
- APT28 is exploiting vulnerable routers for DNS hijacking.
- The attacks enable man-in-the-middle operations and credential theft.
- Organizations using vulnerable edge devices are at significant risk.
Key Entities
- APT28 (apt_group)
- Man-in-the-Middle (attack_type)