Apr 09, 2026 • Nate Nelson
Russia's Forest Blizzard Nabs Rafts of Logins via SOHO Routers
Executive Summary
Russian state-sponsored APT28 is conducting 'malwareless' cyber espionage by modifying DNS settings on vulnerable SOHO (Small Office/Home Office) routers. This technique allows the threat actors to redirect organizational network traffic without deploying traditional malware, making detection significantly more difficult. The campaign targets global organizations across multiple sectors. The attackers exploit misconfigured or unpatched routers as command-and-control infrastructure, enabling credential harvesting and data exfiltration. Organizations should audit router configurations, change default credentials, apply security patches, and implement DNS monitoring to detect unauthorized changes. This campaign demonstrates the ongoing risk posed by unpatched network edge devices and the evolution of state-sponsored actors toward fileless persistence techniques.
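The DNS monitoring the summary recommends comes down to one check: does every resolver a router hands out still match what the organization approved, and has any of it drifted since the last known-good snapshot? The following is an added example, not code from the article or any vendor; the configuration dumps are constructed in a generic "key value" style (no real router format), and the approved resolver set and `Finding` type are assumptions for illustration.

```python
"""Detect unauthorized DNS resolver changes on a SOHO router config (added example)."""
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

# Assumed allowlist: the only resolvers this organization expects routers to use or hand out.
APPROVED_RESOLVERS = {"10.0.0.53", "10.0.1.53"}

# Constructed known-good snapshot of a router's DNS-related settings (not a real vendor format).
BASELINE_CONFIG = """\
hostname branch-rtr-01
wan.dns.primary 10.0.0.53
wan.dns.secondary 10.0.1.53
lan.dhcp.dns 10.0.0.53
"""

# Constructed snapshot taken later: the primary resolver and the DHCP-advertised resolver
# now point at an address outside the approved set (203.0.113.0/24 is documentation space).
CURRENT_CONFIG = """\
hostname branch-rtr-01
wan.dns.primary 203.0.113.77
wan.dns.secondary 10.0.1.53
lan.dhcp.dns 203.0.113.77
"""

# Matches "some.key.with.dns <value>" lines; the key name must contain "dns".
DNS_LINE = re.compile(r"^(?P<key>\S*dns\S*)\s+(?P<value>\S+)$", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    key: str
    old: Optional[str]
    new: str
    reason: str


def extract_dns_settings(config_text: str) -> dict:
    """Return {setting_key: resolver_ip} for every DNS line whose value is a valid IP address."""
    settings = {}
    for line in config_text.splitlines():
        m = DNS_LINE.match(line.strip())
        if not m:
            continue
        try:
            ipaddress.ip_address(m.group("value"))
        except ValueError:
            continue  # not an address (e.g. a hostname or "auto"); skip rather than guess
        settings[m.group("key")] = m.group("value")
    return settings


def audit_dns(baseline_text: str, current_text: str, approved=APPROVED_RESOLVERS) -> list:
    """Flag resolvers outside the allowlist, drift from the baseline, and removed settings."""
    baseline = extract_dns_settings(baseline_text)
    current = extract_dns_settings(current_text)
    findings = []
    for key, value in sorted(current.items()):
        old = baseline.get(key)
        if value not in approved:
            findings.append(Finding(key, old, value, "resolver not in approved set"))
        elif old is not None and old != value:
            findings.append(Finding(key, old, value, "resolver changed since baseline"))
    for key in sorted(set(baseline) - set(current)):
        findings.append(Finding(key, baseline[key], "", "DNS setting removed"))
    return findings


if __name__ == "__main__":
    for f in audit_dns(BASELINE_CONFIG, CURRENT_CONFIG):
        print(f"ALERT {f.key}: {f.old} -> {f.new} ({f.reason})")
```

Run against periodic config exports (or the equivalent values pulled from the router's management interface), a single changed resolver line is enough to raise an alert, which is exactly the footprint this kind of intrusion leaves when no malware is dropped on the device. The allowlist check fires even when no baseline exists, so it also catches routers that were already misconfigured before monitoring began.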
Summary
Heard of fileless malware? How about malwareless cyber espionage? Russia's APT28 is spying on global organizations by modifying just one DNS setting in vulnerable routers.
Linked Entities
- APT28
- Fancy Bear
- Sofacy Group