UK exposes Russian military intelligence hijacking vulnerable routers for cyber attacks
New advisory warns cyber threat group APT28 have exploited vulnerable edge devices to support malicious operations.
The National Cyber Security Centre (NCSC) – a part of GCHQ – has published a new advisory revealing how Russian cyber actors have compromised commonly used routers, allowing them to covertly reroute users’ internet traffic through malicious servers under their control.
The new advisory warns that Russian state cyber group APT28 has exploited vulnerable internet routers to enable Domain Name System (DNS) hijacking operations, giving the attackers the ability to intercept traffic and harvest login credentials, including passwords and access tokens, from personal web and email services.
DNS is what allows individuals to reach websites by typing familiar addresses instead of the associated IP addresses. In a DNS hijacking attack, actors interfere with this process to covertly send users to malicious websites designed to steal login details or other sensitive information.
Related breach coverage
- UK exposes Russian military intelligence hijacking vulnerable routers for cyber attacks (2026-04-07)
New advisory warns cyber threat group APT28 have exploited vulnerable edge devices to support malicious operations.
- APT28 exploit routers to enable DNS hijacking operations (2026-04-07)
Russian cyber actor APT28 exploit vulnerable routers to hijack DNS, enabling adversary‑in‑the‑middle attacks and theft of passwords and authentication tokens.
- Amazon disrupts Russian GRU hackers attacking edge network devices (2025-12-16)
The Amazon Threat Intelligence team has disrupted active operations attributed to hackers working for the Russian foreign military intelligence agency, the GRU, who targeted customers' cloud infrastructure. [...]
- Russian state hackers targeted Western critical infrastructure for years, Amazon says (2025-12-17)
Amazon disclosed a years-long Russian state-backed cyber campaign targeting Western critical infrastructure from 2021 to 2025. Amazon Threat Intelligence reports a long-running Russian state-backed campaign (2021–2025) targeting Western critical infrastructure. Threat actors shifted from exploiting vulnerabilities to abusing misconfigured network edge devices, enabling credential theft and lateral movement with lower risk. The researchers linked the […]
