An #espionage campaign hijacks thousands of #routers worldwide. The hacker group #ForestBlizzard compromises vulnerable #SOHO routers to intercept #Microsoft 365 traffic. This espionage operation uses #DNS manipulation to steal authentication tokens without directly breaching the American company's servers
https://www.clubic.com/actualite-608353-une-campagne-d-espionnage-detourne-des-milliers-de-routeurs-dans-le-monde.html
An espionage campaign hijacks thousands of routers worldwide

The hacker group Forest Blizzard compromises vulnerable SOHO routers to intercept Microsoft 365 traffic. This espionage operation uses DNS manipulation to steal authentication tokens without directly breaching the American company's servers.

clubic.com
FrostArmada: Forest Blizzard DNS hijacking

A DNS setting change on a single router can quietly reroute an entire network’s authentication traffic. In FrostArmada, Lumen observed Forest Blizzard using that technique ...

📢 Russian-linked #ForestBlizzard hackers hijack home routers for global surveillance, as Microsoft warns that thousands of devices are compromised to intercept traffic and sensitive data.

Read: https://hackread.com/russian-forest-blizzard-hackers-hijack-home-routers/

#CyberSecurity #Hacking #Russia #FancyBear #Routers

Russian Forest Blizzard Hackers Hijack Home Routers for Global Spying

Microsoft Threat Intelligence reveals how Russian hacking group Forest Blizzard uses home routers for DNS hijacking and spying.

Hackread - Cybersecurity News, Data Breaches, AI and More
Warning from the UK: Russian cybercriminals hijack routers to steal passwords

The British cybersecurity centre NCSC reports cyberattacks on internet routers. The group from Russia is also suspected of several attacks in Germany.

heise online

Feds Disrupt Russia-Backed Espionage Network Infecting 18,000 Devices

Federal authorities have successfully disrupted a massive Russia-backed espionage operation that had infiltrated nearly 18,000 devices, stealing sensitive account credentials and tokens by hijacking internet traffic. This significant takedown thwarts the efforts of Forest Blizzard, a notorious threat group linked to Russia's GRU.

https://osintsights.com/feds-disrupt-russia-backed-espionage-network-infecting-18000-devices

#Russia #ForestBlizzard #Gru #EspionageNetwork #CredentialHarvesting

Feds disrupt Russia-backed espionage network infecting 18000 devices, learn how authorities stopped Forest Blizzard's massive credential theft operation now.

OSINTSights

APT28 Hijacks SOHO Routers in Global DNS Espionage Push

Your home router, that innocent-looking box under your desk, can be turned against you: a Russia-linked cyber threat group, APT28, has been hijacking insecure SOHO routers worldwide to fuel a massive DNS espionage campaign. By exploiting vulnerabilities in popular router brands like MikroTik and TP-Link, they've been manipulating DNS settings to spy on…

https://osintsights.com/apt28-hijacks-soho-routers-in-global-dns-espionage-push

#Apt28 #ForestBlizzard #DnsEspionage #SohoRouters #Mikrotik

APT28 hijacks SOHO routers in global DNS espionage, learn how to protect your network now and prevent DNS hijacking attacks today.

OSINTSights
Russia Hacked Routers to Steal Microsoft Office Tokens – Krebs on Security

SOHO router compromise leads to DNS hijacking and adversary-in-the-middle attacks | Microsoft Security Blog

Executive summary Forest Blizzard, a threat actor linked to the Russian military, has been compromising insecure home and small-office internet equipment like routers, then modifying their settings in ways that turn them into part of the actor’s malicious infrastructure.

Microsoft Security Blog
Nearest Neighbor Attack: attack via the neighbor's Wi-Fi

Multi-factor authentication offers no protection unless every access path is covered by it, as a US company had to learn from APT28.

heise online

Windows vulnerability reported by the NSA exploited to install Russian malware

Kremlin-backed hackers have been exploiting a critical Microsoft vulnerability for four years in attacks that targeted a vast array of organizations with a previously undocumented tool, the software maker disclosed.

#ForestBlizzard #Microsoft #Windows #russia #russian #NSA #malware #security #cybersecurity #hackers #hacking #hacked

https://arstechnica.com/security/2024/04/kremlin-backed-hackers-exploit-critical-windows-vulnerability-reported-by-the-nsa/

Microsoft didn't disclose the in-the-wild exploits by Kremlin-backed group until now.

Ars Technica