Russian Hackers Target SOHO Routers for DNS Hijacking
Severity: High (Score: 74.9)
Sources: Blogs.Microsoft, Cybersecuritynews
Summary
A large-scale campaign by Forest Blizzard, the threat actor Microsoft attributes to Russian military intelligence (also tracked as APT28 and, under Microsoft's earlier naming, Strontium), has compromised more than 5,000 consumer devices and 200 organizations by exploiting insecure small-office/home-office (SOHO) routers. The attackers change the compromised routers' configuration so that the devices become part of the actor's infrastructure, hijack the DNS traffic passing through them, and use that position to intercept communications, including encrypted sessions, in a man-in-the-middle role. The operation is part of a broader effort to support Russian government objectives. The sources do not detail the specific vulnerabilities, tools, or malware used, but the scale and the network position gained make this a significant threat to affected organizations. The campaign is reported as ongoing, and no vendor-specific remediation steps have been disclosed. Organizations are urged to assess the security of their routers and to monitor for unusual DNS activity. In practical terms (general guidance, not drawn from the sources), that means confirming that each router runs current firmware, that default or weak administrative credentials have been changed, that remote management is disabled where not needed, and that the DNS servers configured on the router and handed out to clients are the ones the organization expects.
Key Points:
- Forest Blizzard has compromised more than 5,000 devices and 200 organizations.
- Attackers exploit insecure home and small-office routers to hijack DNS traffic.
- The operation is linked to Russian military objectives, indicating state-sponsored activity.
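The monitoring recommendation above is easier to act on with a concrete check. The script below is an added example, not code from the Microsoft or Cybersecuritynews reports, and it assumes a simplified, space-separated DNS query log format (timestamp, client, resolver, name, type, answer), an allowlist of expected resolvers, and a small set of pinned answers for high-value hostnames. All addresses and log lines are constructed for illustration. It flags two signals consistent with router-level DNS hijacking: clients whose queries are being sent to a resolver the organization does not operate, and answers for pinned names that differ from the known-good address.

```python
"""Flag indicators of DNS hijacking in DNS query logs (constructed example)."""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Set, Tuple

# Constructed allowlist: resolvers the organization expects its clients to use.
EXPECTED_RESOLVERS: Set[str] = {"10.0.0.53", "10.0.1.53"}

# Constructed pinned A records for hostnames worth watching closely.
PINNED_ANSWERS: Dict[str, Set[str]] = {
    "login.example.com": {"203.0.113.10"},
    "mail.example.com": {"203.0.113.25"},
}


@dataclass
class DnsRecord:
    ts: str
    client: str
    resolver: str
    qname: str
    qtype: str
    answer: str


def parse_line(line: str) -> Optional[DnsRecord]:
    """Parse one log line in the assumed format; return None for malformed lines."""
    parts = line.split()
    if len(parts) != 6:
        return None
    ts, client, resolver, qname, qtype, answer = parts
    # Normalise the name so "Login.Example.com." and "login.example.com" compare equal.
    return DnsRecord(ts, client, resolver, qname.rstrip(".").lower(), qtype.upper(), answer)


def analyze(lines: Iterable[str]) -> List[Tuple[str, ...]]:
    """Return a list of findings; each is a tuple whose first element is the finding type."""
    findings: List[Tuple[str, ...]] = []
    for raw in lines:
        rec = parse_line(raw)
        if rec is None:
            continue
        # Signal 1: the client is talking to a resolver we do not operate. After a router
        # compromise this often shows up as a whole LAN segment switching resolvers at once.
        if rec.resolver not in EXPECTED_RESOLVERS:
            findings.append(("unexpected_resolver", rec.client, rec.resolver, rec.qname))
        # Signal 2: a pinned hostname resolved to an address we do not recognise.
        if rec.qtype == "A" and rec.qname in PINNED_ANSWERS:
            if rec.answer not in PINNED_ANSWERS[rec.qname]:
                findings.append(("answer_mismatch", rec.client, rec.qname, rec.answer))
    return findings


def resolvers_by_client(lines: Iterable[str]) -> Dict[str, Set[str]]:
    """Map each client to the set of resolvers it used, to spot segment-wide changes."""
    seen: Dict[str, Set[str]] = {}
    for raw in lines:
        rec = parse_line(raw)
        if rec is not None:
            seen.setdefault(rec.client, set()).add(rec.resolver)
    return seen


# Constructed sample log. The third line shows a client whose queries now go to an
# outside resolver and receive a wrong answer for a pinned hostname.
SAMPLE_LOG = [
    "2024-05-01T08:00:01Z 192.168.1.20 10.0.0.53 login.example.com. A 203.0.113.10",
    "2024-05-01T08:00:05Z 192.168.1.21 10.0.1.53 mail.example.com. A 203.0.113.25",
    "2024-05-01T08:01:10Z 192.168.1.20 198.51.100.7 login.example.com. A 198.51.100.9",
    "2024-05-01T08:01:12Z 192.168.1.22 10.0.0.53 www.example.org. A 93.184.216.34",
    "malformed line",
]

if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
    for client, resolvers in resolvers_by_client(SAMPLE_LOG).items():
        print(client, sorted(resolvers))
```

Run against real data, the resolver allowlist should come from the organization's DHCP and router configuration, and the pinned answers should be refreshed from an authoritative source rather than hard-coded, otherwise legitimate address changes will look like hijacks.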
Key Entities
- APT28 (apt_group)
- Forest Blizzard (apt_group)
- Strontium (apt_group)
- Man-in-the-Middle (attack_type)