"Forest Blizzard has spent the past few months attempting to compromise thousands of personal and small office / home office routers, gaining control of insecure devices to pursue broader malicious objectives."
"The campaign's primary tactic involved malicious changes to the routers' DNS settings, giving the hackers a persistent foothold and the ability to intercept DNS traffic."
"Once in control, the hackers were able to fully intercept plaintext web traffic - because no valid TLS certificate was present to encrypt it - and search for potentially valuable Microsoft 365 data."
Forest Blizzard, a Kremlin-sponsored hacking group, targets insecure personal and small office routers to conduct cyberattacks. Active since August 2025, they compromised over 5,000 devices across 200 organizations. Their primary tactic involved altering DNS settings to maintain control and intercept traffic. This allowed them to execute adversary-in-the-middle attacks against Microsoft 365 domains. The hackers used malicious DNS servers to present invalid TLS certificates, enabling them to intercept unencrypted web traffic and search for valuable data.
Read at TechSpot
Unable to calculate read time
Collection
[
|
...
]