
APT28 Exploits MikroTik and TP-Link Routers in Global DNS Hijacking Campaign

The Russia-linked threat actor APT28, also known as Forest Blizzard, has been implicated in a cyber espionage campaign that relies on compromised MikroTik and TP-Link routers. Since at least May 2025, the group has exploited weaknesses in these devices to modify their configurations and repurpose them as malicious infrastructure for DNS hijacking on a global scale.

What happened

APT28 has launched a large-scale campaign targeting insecure MikroTik and TP-Link routers. The attackers compromised the devices and altered their settings so that the routers serve as part of the group's infrastructure for a DNS hijacking operation.

Why it matters

This campaign highlights ongoing risks associated with insecure router configurations. By leveraging consumer-grade networking equipment, APT28 can redirect network traffic, potentially intercepting sensitive communications and enabling espionage activities across global networks.

Key technical details

The attack involved exploiting insecure MikroTik and TP-Link routers and modifying their settings. The compromised routers were then integrated into APT28's infrastructure to conduct DNS hijacking: by controlling name resolution for devices behind the router, the actor can redirect users' traffic to destinations of its choosing as part of its espionage efforts. The campaign has been active since at least May 2025.
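A defender-side check for the behaviour described above, added here as an illustration and not taken from the article or its source: it compares the resolvers a router hands out against an expected allowlist and compares answers for a few sentinel domains obtained through the router against answers from a trusted reference resolver. All addresses, domains and lookup results below are constructed sample data; the allowlist and trusted ranges are assumptions.

```python
"""Detect router-level DNS hijacking from advertised resolvers and sample lookups."""
from ipaddress import ip_address, ip_network

# Resolvers the organisation expects its routers to advertise via DHCP (assumption).
EXPECTED_RESOLVERS = {"192.0.2.53", "192.0.2.54"}
# Address space where internal services legitimately live (assumption).
TRUSTED_NETS = [ip_network("192.0.2.0/24"), ip_network("10.0.0.0/8")]

# Constructed sample data: what a client saw from the router vs. a trusted reference.
SAMPLE_LEASE_DNS = ["192.0.2.53", "198.51.100.7"]          # second entry is rogue
ROUTER_ANSWERS = {"mail.example.com": {"203.0.113.9"},      # redirected off-network
                  "www.example.com": {"192.0.2.10"}}        # unchanged
REFERENCE_ANSWERS = {"mail.example.com": {"192.0.2.20"},
                     "www.example.com": {"192.0.2.10"}}


def audit_resolvers(advertised):
    """Return advertised resolver addresses that are not on the allowlist."""
    return sorted(set(advertised) - EXPECTED_RESOLVERS)


def off_network(addresses):
    """True when none of the addresses fall inside a trusted range."""
    return all(not any(ip_address(a) in net for net in TRUSTED_NETS) for a in addresses)


def compare_lookups(router_answers, reference_answers):
    """Flag sentinel domains whose router-supplied answer shares no address
    with the reference answer (a missing answer counts as a mismatch)."""
    findings = []
    for domain, ref in reference_answers.items():
        got = router_answers.get(domain, set())
        if not got & ref:
            findings.append({"domain": domain, "expected": sorted(ref),
                             "observed": sorted(got), "off_network": off_network(got)})
    return findings


def hijack_report(advertised, router_answers, reference_answers):
    """Combine both checks into one verdict for the monitored network segment."""
    rogue = audit_resolvers(advertised)
    redirected = compare_lookups(router_answers, reference_answers)
    return {"rogue_resolvers": rogue, "redirected": redirected,
            "suspicious": bool(rogue or redirected)}


if __name__ == "__main__":
    print(hijack_report(SAMPLE_LEASE_DNS, ROUTER_ANSWERS, REFERENCE_ANSWERS))
```

On a real host the advertised resolvers come from the DHCP lease and the two answer sets from querying the router-provided resolver and a trusted one for the same names.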

Affected organizations/products

Insecure MikroTik and TP-Link routers worldwide have been affected by this campaign linked to APT28.

Source attribution

https://thehackernews.com/2026/04/russian-state-linked-apt28-exploits.html

Written by Thirumala Rao Padilam