Nation-state
Apr 9, 2026
Russia's Forest Blizzard Nabs Rafts of Logins Via SOHO Routers
APT28 conducts DNS hijacking via SOHO router vulnerabilities for credential theft.
Summary
Russia's APT28 threat group, operating under the Forest Blizzard campaign, is conducting large-scale cyber espionage by exploiting vulnerabilities in SOHO routers to modify DNS settings without deploying traditional malware. The technique enables DNS hijacking to intercept login credentials from targeted organizations globally. This fileless approach complicates detection and represents a shift toward infrastructure-level compromise rather than endpoint-focused attacks.
Entities
APT28 (threat_actor)
Forest Blizzard (campaign)
SOHO routers (technology)