Russian State-Linked APT28 Exploits SOHO Routers in Global DNS Hijacking Campaign

Overview

The Russia-linked threat actor known as APT28 (aka Forest Blizzard) has been linked to a new campaign that has compromised insecure MikroTik and TP-Link routers and modified their settings to turn them into malicious infrastructure under their control as part of a cyber espionage campaign since at least May 2025. The large-scale exploitation campaign has been codenamed

Key Developments

This reflects an evolving cybersecurity situation.

Technical Details

Attackers may use automation and vulnerabilities.

Impact & Risks

Potential disruption and data exposure.

Conclusion

Organizations must stay vigilant.

Read more: https://thehackernews.com/2026/04/russian-state-linked-apt28-exploits.html