Tags: incident, high, DNS Hijacking, Espionage, Man-in-the-Middle, APT28, Fancy Bear

Apr 08, 2026 • Eduard Kovacs

US Disrupts Russian Espionage Operation Involving Hacked Routers and DNS Hijacking

Source: SecurityWeek
Category: incident
Severity: high

Executive Summary

The US government has disrupted a Russian state-sponsored espionage operation attributed to APT28 (Fancy Bear). The group exploited vulnerabilities in TP-Link and MikroTik routers and used the compromised devices for adversary-in-the-middle (AitM) attacks and DNS hijacking: by controlling the router's resolver settings, the actors could redirect victims' name lookups, intercept network traffic, potentially access sensitive communications, and maintain long-term espionage access to targets. The operation relied on known, unpatched vulnerabilities in edge networking equipment, which underlines the risk posed by outdated firmware and default configurations on internet-facing routers. Organizations are advised to patch router firmware promptly, disable remote (WAN-side) management interfaces, monitor for unauthorized changes to router DNS settings, and segment networks so that a compromised edge device cannot see all internal traffic.
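The "monitor for unauthorized DNS changes" recommendation is easiest to operationalise against the router's exported configuration rather than live traffic. The following is an added example, not code from the SecurityWeek article, from APT28 tooling, or from TP-Link or MikroTik: it audits a router configuration snapshot for resolver addresses outside an allowlist and for the open-resolver setting. The snapshot is constructed in MikroTik `/export`-style syntax (`/ip dns set servers=...`, `allow-remote-requests=...`, `/ip dhcp-server network ... dns-server=...`); the allowlist, the sample addresses (198.51.100.0/24 is documentation space) and the key names the parser looks for are assumptions for this example, and a real deployment would pull the snapshot from the device on a schedule and alert on any finding.

```python
"""Audit a router configuration snapshot for unauthorized DNS resolvers.

Added example for this page; not taken from the article or from any vendor.
Parses MikroTik-style export lines (assumption: key=value tokens after a
command path) and flags resolvers outside an allowlist, plus the
``allow-remote-requests=yes`` setting that turns the router into an open
resolver reachable from the WAN side.
"""
import ipaddress
import re
from dataclasses import dataclass

# Constructed allowlist of resolvers the organisation sanctions (assumption).
APPROVED_RESOLVERS = [
    ipaddress.ip_network("10.0.0.0/24"),   # internal resolver subnet
    ipaddress.ip_network("1.1.1.1/32"),
    ipaddress.ip_network("1.0.0.1/32"),
]

# Constructed snapshot in MikroTik /export style. 198.51.100.7 stands in for
# an attacker-controlled resolver pushed to the router and to DHCP clients.
ROUTER_SNAPSHOT = """\
# 2026-04-08 03:12:44 by RouterOS (constructed sample)
/ip dns set servers=10.0.0.53,198.51.100.7 allow-remote-requests=yes
/ip dhcp-server network add address=192.168.88.0/24 dns-server=198.51.100.7 gateway=192.168.88.1
/ip dhcp-server network add address=192.168.10.0/24 dns-server=10.0.0.53,1.1.1.1 gateway=192.168.10.1
"""

_KV = re.compile(r"(\w[\w-]*)=(\S+)")
# Configuration keys (assumed for this example) whose values are resolver lists.
_DNS_KEYS = ("servers", "dns-server")


@dataclass
class Finding:
    line_no: int
    kind: str    # "unauthorized-resolver" or "open-resolver"
    value: str


def _parse_line(line):
    """Return (command_path, {key: value}) for one export line, or None for
    blank and comment lines. The path is everything up to the verb (set/add)."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    path_tokens = []
    for tok in line.split():
        path_tokens.append(tok)
        if tok in ("set", "add"):
            break
    return " ".join(path_tokens), dict(_KV.findall(line))


def is_approved(addr):
    """True only if addr parses as an IP and falls inside an approved network.
    Anything unparsable (e.g. a hostname) is treated as unauthorized."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in APPROVED_RESOLVERS)


def audit_snapshot(snapshot):
    """Walk the snapshot and collect findings, in line order."""
    findings = []
    for line_no, raw in enumerate(snapshot.splitlines(), 1):
        parsed = _parse_line(raw)
        if parsed is None:
            continue
        path, kv = parsed
        for key in _DNS_KEYS:
            if key in kv:
                for addr in kv[key].split(","):
                    if not is_approved(addr):
                        findings.append(Finding(line_no, "unauthorized-resolver", addr))
        # An open resolver on the edge router is a separate finding: it lets
        # outside parties query (and, after compromise, be served by) the device.
        if path.startswith("/ip dns") and kv.get("allow-remote-requests") == "yes":
            findings.append(Finding(line_no, "open-resolver", "allow-remote-requests=yes"))
    return findings


if __name__ == "__main__":
    for f in audit_snapshot(ROUTER_SNAPSHOT):
        print(f"line {f.line_no}: {f.kind}: {f.value}")
```

Run against the constructed snapshot, the audit reports the rogue resolver twice (once in the router's own resolver list, once pushed to the 192.168.88.0/24 DHCP clients) and the open-resolver setting; the segment that only points at sanctioned resolvers produces nothing. Comparing successive snapshots and alerting on the first appearance of a finding is the monitoring step the summary recommends.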

Summary

The APT28 threat group exploited vulnerable TP-Link and MikroTik routers to conduct adversary-in-the-middle (AitM) attacks.

Linked Entities

  • APT28
  • Fancy Bear