US Disrupts Russian Espionage Operation Involving Hacked Routers and DNS Hijacking
Briefly

"The GRU has indiscriminately compromised a wide pool of U.S. and global victims and then filtered down impacted users, especially targeting information related to military, government, and critical infrastructure."
"Forest Blizzard gained access to SOHO devices then altered their default network configurations to use actor-controlled DNS resolvers. This malicious re-configuration resulted in thousands of devices sending their DNS requests to actor-controlled servers."
The US Justice Department and FBI disrupted a network of hacked SOHO routers used by Russian threat actor APT28. The hackers targeted TP-Link and MikroTik routers, altering DHCP and DNS settings to redirect traffic through their infrastructure. This adversary-in-the-middle attack allowed them to capture sensitive data, including passwords and emails. The attackers exploited a known vulnerability, CVE-2023-50224, to gain control of the routers. Microsoft identified over 200 organizations and 5,000 devices affected by the attack, attributing it to Forest Blizzard and its subgroup Storm-2754.
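A defensive check for the redirection described above, added here as an example (not code from the article, SecurityWeek, or any router vendor): it compares the resolvers a router uses upstream and hands to LAN clients via DHCP against an allowlist and flags anything else. The allowlist, config layout and sample addresses are assumptions for illustration.

```python
"""Audit a SOHO router's DNS settings for the redirection described above:
the router's upstream resolvers and those handed to LAN clients via DHCP
(option 6) are compared against an allowlist. Added example, not the
article's or any vendor's code."""
from dataclasses import dataclass
import ipaddress

# Assumption: the defender maintains the set of resolvers the router is
# expected to use or advertise (ISP/internal resolvers, chosen public ones).
EXPECTED_RESOLVERS = frozenset({"192.168.1.1", "9.9.9.9", "149.112.112.112"})


@dataclass(frozen=True)
class Finding:
    source: str    # where the resolver was observed
    resolver: str
    reason: str


def check_resolver(source, resolver, expected=EXPECTED_RESOLVERS):
    """Return a Finding if the resolver is malformed or not allowlisted."""
    try:
        ipaddress.ip_address(resolver)
    except ValueError:
        return Finding(source, resolver, "not a valid IP address")
    if resolver in expected:
        return None
    return Finding(source, resolver, "resolver not on allowlist; possible redirection")


def audit(router_config, dhcp_offers, expected=EXPECTED_RESOLVERS):
    """router_config: {"upstream_dns": [...]} as exported from the device (assumed layout).
    dhcp_offers: [{"client": mac, "dns": [...]}] from captured DHCP offers (option 6)."""
    observed = [("router upstream DNS", r) for r in router_config.get("upstream_dns", [])]
    for offer in dhcp_offers:
        observed += [(f"DHCP offer to {offer['client']}", r) for r in offer.get("dns", [])]
    findings = [check_resolver(src, r, expected) for src, r in observed]
    return [f for f in findings if f is not None]


# Constructed sample data (documentation-range addresses), not from the article.
SAMPLE_CONFIG = {"upstream_dns": ["9.9.9.9", "203.0.113.77"]}
SAMPLE_OFFERS = [
    {"client": "aa:bb:cc:00:00:01", "dns": ["192.168.1.1"]},
    {"client": "aa:bb:cc:00:00:02", "dns": ["203.0.113.77", "198.51.100.5"]},
]

if __name__ == "__main__":
    print(*audit(SAMPLE_CONFIG, SAMPLE_OFFERS), sep="\n")
```

Run periodically against exported router configs and DHCP captures; any finding means the device is steering clients to a resolver you did not choose.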
Read at SecurityWeek