Skip to content
The Nexus
DossierORGANIZATION3 mentions

APT28

Tracked across 3 articles in the Nexus archive. Showing the most recent 7.

Earliest in view: Apr 7 · 15:51 UTCMost recent: Jun 14 · 17:01 UTC
Co-mentioned in this coverage
Recent coverage
  • SECURITYJun 14 · 17:01 UTCFOX NEWS
    FBI says Russian hackers hijacked old Wi-Fi routers

    The FBI and Justice Department warned that Russian hackers linked to the GRU exploited vulnerabilities in outdated SOHO routers to conduct espionage by altering DNS settings and intercepting traffic. The hackers redirected internet requests through their servers to steal sensitive data, and authorities disrupted the U.S. portion of the network in April.

  • SECURITYApr 17 · 14:12 UTCRECORDED FUTURE NEWS
    Ukraine confirms suspected APT28 campaign targeting prosecutors, anti-corruption agencies

    Ukraine has confirmed a suspected APT28 cyberattack campaign targeting prosecutors and anti-corruption agencies. The attack exploited vulnerabilities in the Roundcube webmail platform, allowing malicious code execution when victims opened emails.

  • SECURITYApr 9 · 01:00 UTCDARK READING
    Russia's Forest Blizzard Nabs Rafts of Logins Via SOHO Routers

    Russia's APT28 group is conducting cyber espionage by exploiting vulnerable SOHO routers through modified DNS settings, enabling fileless and malwareless attacks on global organizations. The technique allows unauthorized access without traditional malware deployment.

  • SECURITYApr 8 · 13:50 UTCTHE HACKER NEWS
    APT28 Deploys PRISMEX Malware in Campaign Targeting Ukraine and NATO Allies

    APT28, a Russian threat actor also known as Forest Blizzard and Pawn Storm, has launched a spear-phishing campaign targeting Ukraine and NATO allies using a new malware suite called PRISMEX. The malware employs advanced techniques like steganography, COM hijacking, and abuse of legitimate cloud services for command-and-control, according to Trend Micro.

  • SECURITYApr 8 · 11:00 UTCARS TECHNICA
    Thousands of consumer routers hacked by Russia's military

    The Russian military, through the APT28 group linked to the GRU, has hacked 18,000 to 40,000 consumer routers in 120 countries. These routers were used to spy on government agencies and alter DNS settings for Microsoft's 365 service. Researchers from Lumen Technologies' Black Lotus Labs reported the breach.

  • SECURITYApr 7 · 17:02 UTCKREBS ON SECURITY
    Russia Hacked Routers to Steal Microsoft Office Tokens

    Russian military intelligence units, known as Forest Blizzard or APT28, used DNS hijacking to steal Microsoft Office authentication tokens from over 18,000 routers, primarily targeting government agencies.

  • SECURITYApr 7 · 15:51 UTCBLEEPING COMPUTER
    Authorities disrupt router DNS hijacks used to steal Microsoft 365 logins

    Law enforcement and private companies disrupted FrostArmada, an APT28-linked campaign exploiting MikroTik and TP-Link routers to steal Microsoft account credentials. The operation targets DNS hijacking methods used to compromise Microsoft 365 logins globally.