Russian Forest Blizzard Hackers Hijack Home Routers for Global Spying

Russian military-linked Forest Blizzard actors have compromised over 5,000 SOHO routers globally since August 2025 to hijack DNS and intercept traffic. They're actively targeting Microsoft Outlook users across energy, IT, and telecom sectors, affecting 200 organizations including government agencies. Remote workers and any organization using compromised routers are at risk of credential theft and persistent surveillance.

CRITICAL | Advisory | Apr 08, 2026
Action required
Immediately audit all SOHO and remote access routers for unauthorized dnsmasq configurations or suspicious DNS settings. Check for any Outlook session compromises and force password resets for users accessing email from home networks. Query proxy and firewall logs for DNS traffic anomalies and unexpected MITM indicators.
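One way to run the dnsmasq part of this audit, as an added example that is not part of the original advisory: it scans a collected dnsmasq.conf for upstream servers, DHCP-advertised resolvers and local overrides that fall outside an allow-list. The allow-list, the sample configuration and the function names are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumption: the resolvers your organisation approves (documentation-range addresses).
APPROVED_RESOLVERS = {"192.0.2.53", "192.0.2.54"}

# Constructed sample of a dnsmasq.conf collected from a router; not from a real device.
SAMPLE_CONF = """\
# upstream settings
no-resolv
server=192.0.2.53
server=/mail.example.com/203.0.113.9
address=/login.example.com/203.0.113.10
dhcp-option=6,203.0.113.9
dhcp-option=option:dns-server,192.0.2.54
"""

def _ips(value):
    """Return the IP literals found in a dnsmasq option value."""
    found = []
    for token in re.split(r"[,/#@\s]+", value):
        try:
            found.append(str(ipaddress.ip_address(token)))
        except ValueError:
            pass  # domain name, port, interface or option number
    return found

def audit_dnsmasq(conf_text, approved=frozenset(APPROVED_RESOLVERS)):
    """Return (line_no, reason, directive) for every directive needing review."""
    findings = []
    for n, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        unapproved = [ip for ip in _ips(value) if ip not in approved]
        if key == "server" and unapproved:
            findings.append((n, "upstream resolver not on allow-list", line))
        elif key == "dhcp-option" and unapproved:
            fields = {f.strip() for f in value.split(",")}
            if fields & {"6", "option:dns-server"}:  # DHCP option 6 = DNS servers
                findings.append((n, "DHCP hands clients an unapproved resolver", line))
        elif key == "address":
            findings.append((n, "local DNS override, confirm it is expected", line))
    return findings

if __name__ == "__main__":
    for finding in audit_dnsmasq(SAMPLE_CONF):
        print(*finding, sep=" | ")
```

Every `address=` line is reported for manual review because legitimate local overrides and malicious redirections look the same in the file.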
Affected products
Microsoft: Microsoft Outlook