The article describes a threat actor campaign compromising SOHO routers to conduct DNS hijacking, redirecting victim traffic to adversary-controlled infrastructure for adversary-in-the-middle attacks. The article does not specify a singular vulnerability, CVSS score, affected or fixed software versions, or a technical workaround for this specific campaign.
2026-04-07 (Back to Inventory) SOHO router compromise leads to DNS hijacking and adversary-in-the-middle attacks Author(s): Microsoft Threat Intelligence Organization: Microsoft Open article directly Open article on Archive.org Related Articles 2026-03-11 ⋅ Microsoft ⋅ Microsoft Defender Experts , Microsoft Defender Security Research Team Contagious Interview: Malware delivered through fake developer job interviews BeaverTail OtterCookie StoatWaffle InvisibleFerret PylangGhost GolangGhost 2026-03-06 ⋅ Microsoft ⋅ Microsoft Threat Intelligence AI as tradecraft: How threat actors operationalize AI OtterCookie 2026-03-03 ⋅ Microsoft ⋅ Microsoft Signed malware impersonating workplace apps deploys RMM backdoors TrustConnect RAT