APT28 Hijacks SOHO Routers in Global DNS Espionage Push
Your home router, that innocent-looking box under your desk, can be turned against you: a Russia-linked cyber threat group, APT28, has been hijacking insecure SOHO routers worldwide to fuel a massive DNS espionage campaign. By exploiting vulnerabilities in popular router brands like MikroTik and TP-Link, they've been manipulating DNS settings to spy on…
https://osintsights.com/apt28-hijacks-soho-routers-in-global-dns-espionage-push
Russia Hacked Routers to Steal Microsoft Office Tokens
https://krebsonsecurity.com/2026/04/russia-hacked-routers-to-steal-microsoft-office-tokens/
#NationalCyberSecurityCentre #InternetofThings(IoT) #Ne'er-Do-WellNews #ALittleSunshine #MicrosoftOffice #LatestWarnings #TheComingStorm #BlackLotusLabs #ForestBlizzard #DannyAdamitis #RyanEnglish #FancyBear #MikroTik #TP-Link #APT28 #Lumen
APT28 Hijacks Routers to Steal Credentials via Malicious DNS Servers
Beware of invisible hands rerouting your online traffic: a state-linked Russian hacking group, APT28, has been hijacking routers to intercept credentials by manipulating DNS servers, putting your online security at risk. This stealthy tactic allows them to capture user authentication data, compromising your digital identity.
https://osintsights.com/apt28-hijacks-routers-to-steal-credentials-via-malicious-dns-servers
#Apt28 #Russia #MaliciousDnsServers #RouterHijacking #CredentialTheft
Law Enforcement Disrupts APT28's Router DNS Hijack Operation
In a major breakthrough, an international coalition of law enforcement authorities and private companies has successfully disrupted a sneaky DNS hijack operation by APT28, known as FrostArmada, that targeted home network routers to steal Microsoft account credentials. This operation thwarted the hackers' plan to intercept traffic and harvest cloud account…
https://osintsights.com/law-enforcement-disrupts-apt28s-router-dns-hijack-operation
📰 Russia's Pawn Storm (APT28) Targets Defense Supply Chain with New 'PRISMEX' Malware and Zero-Day
🇷🇺 Russia's APT28 (Pawn Storm) is targeting the defense supply chain with new 'PRISMEX' malware, exploiting a Windows zero-day (CVE-2026-21513). 🛡️ #APT28 #PawnStorm #ZeroDay #CyberWarfare
📢 APT28 exploits the Zimbra XSS flaw CVE-2025-66376 against Ukrainian entities
📝 🗓️ Context
According to a report published by **Seqrite Labs** and relayed by Security Affairs...
📖 cyberveille: https://cyberveille.ch/posts/2026-03-22-apt28-exploite-la-faille-xss-zimbra-cve-2025-66376-contre-des-entites-ukrainiennes/
🌐 source: https://securityaffairs.com/189673/security/russian-apt-targets-ukraine-via-zimbra-xss-flaw-cve-2025-66376.html
#APT28 #CVE_2025_66376 #Cyberveille
🗓️ Context
According to a report published by Seqrite Labs and relayed by Security Affairs on 19 March 2026, a Russia-linked APT group, attributed with moderate confidence to APT28 (alias Fancy Bear, Sednit, STRONTIUM, UAC-0001), is conducting an espionage campaign targeting Ukrainian government entities via a vulnerability in Zimbra Collaboration.
🎯 Campaign: Operation GhostMail
The campaign, dubbed Operation GhostMail, exploits CVE-2025-66376 (CVSS 7.2), a stored XSS in Zimbra's Classic UI caused by insufficient sanitisation of CSS @import directives in the HTML content of emails.
Operation Roundish: Uncovering an APT28 Roundcube Exploitation Toolkit Targeting Ukraine
Pulse ID: 69bb260932564fa54536f69f
Pulse Link: https://otx.alienvault.com/pulse/69bb260932564fa54536f69f
Pulse Author: Tr1sa111
Created: 2026-03-18 22:24:09
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#APT28 #CyberSecurity #InfoSec #OTX #OpenThreatExchange #RAT #UK #Ukr #Ukraine #bot #Tr1sa111
Operation Roundish: Uncovering an APT28 Roundcube Exploitation Toolkit Targeting Ukraine
An exposed open directory revealed a comprehensive Roundcube exploitation toolkit used by APT28 to target Ukrainian government entities. The toolkit includes XSS payloads, a Flask-based C2 server, CSS injection tools, and a Go-based implant. It enables credential harvesting, persistent mail forwarding, bulk email exfiltration, address book theft, and 2FA secret extraction. The primary target was identified as mail.dmsu.gov.ua, Ukraine's State Migration Service. Technical analysis shows significant overlaps with previously documented APT28 operations, while introducing new capabilities such as CSS-based side-channel attacks and browser credential theft. The toolkit's modular approach and sophisticated evasion techniques demonstrate APT28's evolving tactics in compromising webmail platforms for long-term intelligence gathering.
Pulse ID: 69ba83b93cb449af00474243
Pulse Link: https://otx.alienvault.com/pulse/69ba83b93cb449af00474243
Pulse Author: AlienVault
Created: 2026-03-18 10:51:37
#2FA #APT28 #Browser #CredentialHarvesting #CyberSecurity #Email #Government #ICS #InfoSec #OTX #OpenThreatExchange #RAT #UK #Ukr #Ukraine #Ukrainian #Webmail #XSS #bot #AlienVault