UK exposes Russian military intelligence hijacking vulnerable routers for cyber attacks
New advisory warns that cyber threat group APT28 has exploited vulnerable edge devices to support malicious operations.
The National Cyber Security Centre (NCSC) – a part of GCHQ – has published a new advisory revealing how Russian cyber actors have compromised commonly used routers, allowing them to covertly reroute users’ internet traffic through malicious servers under their control.
The new advisory warns that Russian state cyber group APT28 has exploited vulnerable internet routers to enable Domain Name System (DNS) hijacking operations, giving the attackers the ability to intercept traffic and harvest login credentials, including passwords and access tokens, from personal web and email services.
DNS is what allows individuals to reach websites by typing familiar addresses instead of the associated IP addresses. In a DNS hijacking attack, actors interfere with this process to covertly send users to malicious websites designed to steal login details or other sensitive information.
