
Russia-Linked APT28 Group Exploits SOHO Routers for Cyber Espionage
Tags: Cybersecurity, APT28, Forest Blizzard, SOHO Routers, Cyber Espionage, DNS Hijacking, Malwareless Attacks, Credential Theft
Russia-linked advanced persistent threat (APT) group APT28, also known as Forest Blizzard, is conducting cyber espionage by exploiting vulnerable small office/home office (SOHO) routers. The attack involves modifying a single DNS setting on compromised routers to intercept and harvest login credentials from global organizations. The campaign does not rely on traditional malware but instead employs "malwareless" techniques, leveraging legitimate router configurations for stealth. No specific dates, CVE IDs, or numerical impact metrics were provided in the reported details. The primary impact is unauthorized access to sensitive credentials through DNS manipulation.
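
A defender-side check for the DNS change described above, as an added example that is not part of the original report: it audits the DNS servers each site's router hands out against an approved list. The allowlist, the comma-separated inventory format and every address below are constructed assumptions (documentation-range placeholders).

```python
import ipaddress

# Assumption: resolvers this organisation has approved (placeholder addresses).
APPROVED = [ipaddress.ip_network(n) for n in ("192.0.2.53/32", "2001:db8::53/128")]

# Constructed sample inventory: site, router LAN address, DNS servers handed out via DHCP.
SAMPLE = """\
branch-a,10.1.0.1,192.0.2.53
branch-b,10.2.0.1,198.51.100.7;192.0.2.53
home-cfo,192.168.1.1,192.168.1.1
branch-c,10.3.0.1,2001:db8::53;not-an-ip
"""

def classify(server, router):
    """Return 'approved', 'forwarder', 'unapproved' or 'invalid' for one DNS entry."""
    try:
        addr = ipaddress.ip_address(server.strip())
    except ValueError:
        return "invalid"  # malformed entries are reported, not silently skipped
    if any(addr.version == net.version and addr in net for net in APPROVED):
        return "approved"
    if addr == ipaddress.ip_address(router):
        # The router answers DNS itself; its upstream resolver is not visible
        # from the client side and has to be checked in the router's own config.
        return "forwarder"
    return "unapproved"

def audit(text):
    """Return (site, server, verdict) for every DNS entry that is not approved."""
    findings = []
    for line in text.strip().splitlines():
        site, router, servers = line.split(",", 2)
        for server in servers.split(";"):
            verdict = classify(server, router)
            if verdict != "approved":
                findings.append((site, server.strip(), verdict))
    return findings

if __name__ == "__main__":
    for site, server, verdict in audit(SAMPLE):
        print(f"{site}: {server} -> {verdict}")
```

A single unapproved entry next to an approved one, as in the constructed `branch-b` row, is still reported, because clients may query either resolver.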