
"An estimated 18,000 to 40,000 consumer routers, mostly those made by MikroTik and TP-Link, located in 120 countries were wrangled into infrastructure belonging to APT28, an advanced threat group that's part of Russia's military intelligence agency known as the GRU."
"Known for blending cutting-edge tools such as the large language model (LLM) 'LAMEHUG' with proven, longstanding techniques, Forest Blizzard consistently evolves its tactics to stay ahead of defenders."
"To hijack the routers, the attackers exploited older models that hadn't been patched against known security vulnerabilities. They then changed DNS settings for select domains and used the Dynamic Host Configuration Protocol to propagate them to router-connected workstations."
Russia's military intelligence agency, the GRU, is hijacking home and small-office routers: an estimated 18,000 to 40,000 devices, mostly MikroTik and TP-Link models, spread across 120 countries. The campaign is attributed to APT28 (the group Microsoft tracks as Forest Blizzard), which has been active for more than two decades. The attackers compromise older routers that were never patched against known vulnerabilities, alter the DNS settings for selected domains, and rely on the router's DHCP service to push the attacker-controlled resolver to every workstation on the LAN, so that users of those domains are redirected to sites that harvest sensitive information. The combination of newer tooling, such as the LLM-based LAMEHUG, with long-established techniques like DNS hijacking is characteristic of the group and is why it remains a persistent threat to organizations worldwide.
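The DHCP step in the campaign above is the part a defender can check from the client side: if the router has been hijacked, the DHCPACK it sends to each workstation carries a DNS-server option (option 6) that no longer points at the expected resolver. The following is an added example written for this page, not code from the Ars Technica article or from any of the vendors named; it parses the option area of a raw DHCP payload, extracts the resolvers offered in an ACK, and flags any that are not on an allowlist. The LAN addresses (192.168.88.x), the client MAC and the rogue resolver 203.0.113.10 are constructed sample data, and the allowlist is an assumption about what a given LAN should hand out.

```python
import ipaddress
import struct

# DHCP/BOOTP layout: 236-byte fixed header, then the magic cookie, then TLV options.
DHCP_MAGIC_COOKIE = b"\x63\x82\x53\x63"
OPT_PAD, OPT_ROUTER, OPT_DNS_SERVERS, OPT_MESSAGE_TYPE, OPT_END = 0, 3, 6, 53, 255
DHCPACK = 5

# Assumed (constructed) LAN policy: the gateway is the only resolver a client may receive.
ALLOWED_RESOLVERS = {"192.168.88.1"}


def parse_dhcp_options(payload: bytes) -> dict:
    """Return {option_code: raw_value} for the option area of a raw DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != DHCP_MAGIC_COOKIE:
        raise ValueError("not a DHCP payload: magic cookie missing")
    options, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:
            i += 1
            continue
        if i + 2 > len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        value = payload[i + 2 : i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        options[code] = value
        i += 2 + length
    return options


def dns_servers_from_ack(payload: bytes):
    """Resolvers pushed in a DHCPACK (option 6), or None if the packet is not an ACK."""
    options = parse_dhcp_options(payload)
    if options.get(OPT_MESSAGE_TYPE) != bytes([DHCPACK]):
        return None
    raw = options.get(OPT_DNS_SERVERS, b"")
    if len(raw) % 4:
        raise ValueError("option 6 length is not a multiple of 4")
    return [str(ipaddress.IPv4Address(raw[i : i + 4])) for i in range(0, len(raw), 4)]


def rogue_dns_servers(payload: bytes, allowed=ALLOWED_RESOLVERS) -> list:
    """Resolvers in the ACK that are not on the allowlist; [] when the lease is clean."""
    servers = dns_servers_from_ack(payload)
    if servers is None:
        return []
    return [s for s in servers if s not in allowed]


def build_dhcp_ack(client_ip: str, gateway: str, dns_servers, msg_type=DHCPACK) -> bytes:
    """Construct a minimal DHCP reply payload for testing (constructed, not a capture)."""
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        2, 1, 6, 0,                                      # op=BOOTREPLY, htype=Ethernet, hlen, hops
        0x3903F326, 0, 0,                                # xid, secs, flags
        b"\0" * 4,                                       # ciaddr
        ipaddress.IPv4Address(client_ip).packed,         # yiaddr
        b"\0" * 4, b"\0" * 4,                            # siaddr, giaddr
        bytes.fromhex("001122334455").ljust(16, b"\0"),  # chaddr (constructed MAC)
        b"\0" * 64, b"\0" * 128,                         # sname, file
    )
    dns_blob = b"".join(ipaddress.IPv4Address(s).packed for s in dns_servers)
    options = (
        DHCP_MAGIC_COOKIE
        + bytes([OPT_MESSAGE_TYPE, 1, msg_type])
        + bytes([OPT_ROUTER, 4]) + ipaddress.IPv4Address(gateway).packed
        + bytes([OPT_DNS_SERVERS, len(dns_blob)]) + dns_blob
        + bytes([OPT_END])
    )
    return header + options


# Constructed samples: a clean lease, and one where the gateway still hands out its own
# LAN address as router but option 6 now leads with an attacker-controlled resolver
# (203.0.113.10 is a TEST-NET-3 address used here as a stand-in).
SAMPLE_CLEAN_ACK = build_dhcp_ack("192.168.88.20", "192.168.88.1", ["192.168.88.1"])
SAMPLE_ROGUE_ACK = build_dhcp_ack("192.168.88.20", "192.168.88.1", ["203.0.113.10", "192.168.88.1"])

if __name__ == "__main__":
    for name, pkt in (("clean", SAMPLE_CLEAN_ACK), ("rogue", SAMPLE_ROGUE_ACK)):
        print(name, "offered resolvers:", dns_servers_from_ack(pkt), "flagged:", rogue_dns_servers(pkt))
```

In practice the payload would come from a capture of UDP port 68 traffic on the workstation (for example a pcap filtered to DHCPACK messages) rather than from the constructed builder. The check only catches the delivery mechanism; because the hijacked routers rewrite answers for selected domains, it is worth pairing it with a comparison of the answers the offered resolver returns for those domains against a known-good resolver.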
Read at Ars Technica