Skip to main content

Tag: apt28

7 articles

Dismantled router with exposed internal components sits on worn table amidst tangled cables and wires in dimly lit room.

FBI Disrupts APT28's Router-Based Espionage Operations

The FBI recently disrupted a sneaky espionage operation run by APT28, a Russian GRU-linked group notorious for its broad reach, by cutting off their access to a network of routers they used as a launching pad for further attacks. This bold move effectively severed the group's tremendous access, putting a stop to their clever tactics.

Analyst 207
Shadowy figure looms over dimly lit cityscape, laptop screen displays Eastern Europe map, nearby smartphone lies broken.

APT28 Targets Ukraine, NATO Allies with PRISMEX Malware

Russian threat actor APT28 has launched a new campaign, deploying a previously unknown malware suite called PRISMEX to target Ukraine and its NATO allies, using clever concealment techniques to evade detection. This sophisticated attack combines steganography, COM hijacking, and legitimate cloud services to stay under the radar.

Analyst 207
Globe centered on Russia with shattered network, silhouettes of law enforcement disrupting tangled web.

FBI Disrupts Russian Hacker Network with DNS Hijacking Takedown

In a major cyber takedown, the FBI has successfully disrupted a Russian hacker network by pulling the plug on compromised US-based routers, effectively cutting off the threat actor's malicious infrastructure. This bold move allowed authorities to neutralize the threat without relying on individual device owners to take action.

Analyst 207
Globe centered on Eastern Europe and Asia with a laptop screen displaying a world map in the foreground.

APT28 Hijacks SOHO Routers in Global DNS Espionage Push

Your home router, that innocent-looking box under your desk, can be turned against you: a Russia-linked cyber threat group, APT28, has been hijacking insecure SOHO routers worldwide to fuel a massive DNS espionage campaign. By exploiting vulnerabilities in popular router brands like MikroTik and TP-Link, they've been manipulating DNS settings to spy on unsuspecting users.

Analyst 207
Worn router on a desk surrounded by candles with a looming Russian shadow.

NCSC Warns of Russia's Ongoing Router Exploits

Russia's notorious hackers, Fancy Bear, are exploiting routers to steal passwords and sensitive information, compromising the security of countless individuals and organisations. With around 5,000 devices and 200 organisations already affected, experts warn that this latest threat is one to take seriously.

Analyst 207
APT28 Hijacks Routers to Steal Credentials via Malicious DNS Servers

APT28 Hijacks Routers to Steal Credentials via Malicious DNS Servers

Beware of invisible hands rerouting your online traffic: a state-linked Russian hacking group, APT28, has been hijacking routers to intercept credentials by manipulating DNS servers, putting your online security at risk. This stealthy tactic allows them to capture user authentication data, compromising your digital identity.

Analyst 207
Law Enforcement Disrupts APT28's Router DNS Hijack Operation

Law Enforcement Disrupts APT28's Router DNS Hijack Operation

In a major breakthrough, an international coalition of law enforcement authorities and private companies has successfully disrupted a sneaky DNS hijack operation by APT28, known as FrostArmada, that targeted home network routers to steal Microsoft account credentials. This operation thwarted the hackers' plan to intercept traffic and harvest cloud account keys, protecting countless individuals from potential cyber threats.

Analyst 207