APT28
Tracked across 3 articles in the Nexus archive. Showing the most recent 7.
- FBI says Russian hackers hijacked old Wi-Fi routers
The FBI and Justice Department warned that Russian hackers linked to the GRU exploited vulnerabilities in outdated SOHO routers to conduct espionage by altering DNS settings and intercepting traffic. The hackers redirected internet requests through their servers to steal sensitive data, and authorities disrupted the U.S. portion of the network in April.
- Ukraine confirms suspected APT28 campaign targeting prosecutors, anti-corruption agencies
Ukraine has confirmed a suspected APT28 cyberattack campaign targeting prosecutors and anti-corruption agencies. The attack exploited vulnerabilities in the Roundcube webmail platform, allowing malicious code execution when victims opened emails.
- Russia's Forest Blizzard Nabs Rafts of Logins Via SOHO Routers
Russia's APT28 group is conducting cyber espionage by exploiting vulnerable SOHO routers through modified DNS settings, enabling fileless and malwareless attacks on global organizations. The technique allows unauthorized access without traditional malware deployment.
- APT28 Deploys PRISMEX Malware in Campaign Targeting Ukraine and NATO Allies
APT28, a Russian threat actor also known as Forest Blizzard and Pawn Storm, has launched a spear-phishing campaign targeting Ukraine and NATO allies using a new malware suite called PRISMEX. The malware employs advanced techniques like steganography, COM hijacking, and abuse of legitimate cloud services for command-and-control, according to Trend Micro.
- Thousands of consumer routers hacked by Russia's military
The Russian military, through the APT28 group linked to the GRU, has hacked 18,000 to 40,000 consumer routers in 120 countries. These routers were used to spy on government agencies and alter DNS settings for Microsoft's 365 service. Researchers from Lumen Technologies' Black Lotus Labs reported the breach.
- Russia Hacked Routers to Steal Microsoft Office Tokens
Russian military intelligence units, known as Forest Blizzard or APT28, used DNS hijacking to steal Microsoft Office authentication tokens from over 18,000 routers, primarily targeting government agencies.
- Authorities disrupt router DNS hijacks used to steal Microsoft 365 logins
Law enforcement and private companies disrupted FrostArmada, an APT28-linked campaign exploiting MikroTik and TP-Link routers to steal Microsoft account credentials. The operation targets DNS hijacking methods used to compromise Microsoft 365 logins globally.