The Russian state group APT28 is exploiting vulnerable routers to alter DHCP and DNS settings, redirecting victim traffic through attacker-controlled servers for espionage. The article does not provide specific CVSS scores, affected router models or firmware versions, or patch details. Organizations should audit and secure network edge devices, particularly by updating router firmware, changing default credentials, and monitoring for unauthorized DNS or DHCP changes.
The Russian state cyber group APT28 has been compromising routers to hijack web traffic and spy on victims, the UK’s National Cyber Security Centre (NCSC) has warned. Attackers are exploiting vulnerable routers to alter DHCP and DNS settings, redirecting traffic through servers they control. “We assess that APT28 is almost certainly the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Centre (GTsSS) Military Intelligence Unit 26165,” said NCSC. Since 2024, APT28 … The post Russian hackers hijack internet traffic using vulnerable routers appeared first on Help Net Security.