A recent operation by US authorities has disrupted a Russian espionage campaign that used compromised routers and DNS hijacking for surveillance. The APT28 threat group, known for its ties to Russian intelligence, exploited vulnerabilities in TP-Link and MikroTik routers to intercept sensitive information. By hijacking DNS queries, the attackers redirected traffic and carried out adversary-in-the-middle (AitM) attacks, stealing credentials and other sensitive data. The use of hacked routers and DNS hijacking demonstrates the group's ability to adapt and evolve its tactics [1]. A shift like this by a state-aligned group such as APT28 changes the threat model from a traditional criminal enterprise to a geopolitical one and calls for a different defensive approach. For practitioners, this means weighing the geopolitical motivations and capabilities of groups like APT28 when assessing and mitigating risk.
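As an added example (not from the SecurityWeek article or any tooling it describes), one defender-side check for the redirection described above: resolve a name through the LAN resolver the router hands out and through an out-of-band trusted resolver, then flag names whose two answer sets share no address. The resolver addresses, domain names and the sample reply bytes are constructed placeholders; the raw DNS query/parse code is a minimal A-record implementation written for this check.

```python
import socket
import struct

def build_a_query(name, txid):
    """Minimal DNS A query (recursion desired) for `name` with transaction id `txid`."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = [lbl.encode() for lbl in name.strip(".").split(".")]
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_a_answers(resp, txid):
    """Set of IPv4 strings in the answer section; rejects replies to a different id."""
    rid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", resp[:12])
    if rid != txid or not flags & 0x8000:
        raise ValueError("not a response to our query")
    def skip_name(off):  # walk labels; a compression pointer (0xC0..) ends the name
        while resp[off] != 0:
            if resp[off] & 0xC0 == 0xC0:
                return off + 2
            off += 1 + resp[off]
        return off + 1
    off = 12
    for _ in range(qd):
        off = skip_name(off) + 4  # skip QTYPE + QCLASS
    ips = set()
    for _ in range(an):
        off = skip_name(off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", resp[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            ips.add(socket.inet_ntoa(resp[off:off + 4]))
        off += rdlen
    return ips

def resolve_via(name, resolver_ip, txid=0x1234, timeout=3.0):
    """Ask one specific resolver over UDP/53 (the LAN router, then a trusted one)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_a_query(name, txid), (resolver_ip, 53))
        return parse_a_answers(s.recv(4096), txid)

def find_hijacked(local_answers, reference_answers):
    """Names whose LAN answers share no address with the trusted answers.
    CDN round-robin yields overlapping sets; a fully disjoint set is the signal."""
    return sorted(n for n in local_answers
                  if local_answers[n] and reference_answers.get(n)
                  and local_answers[n].isdisjoint(reference_answers[n]))

# Constructed reply for offline use: id 0x1234, example.com -> 192.0.2.1 (TEST-NET).
SAMPLE_REPLY = (b"\x12\x34\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00"
                b"\x07example\x03com\x00\x00\x01\x00\x01"
                b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x00\x3c\x00\x04\xc0\x00\x02\x01")
```

In practice, collect `local_answers` with `resolve_via(name, <router LAN address>)` and `reference_answers` with a resolver reached outside the suspect path, and treat any flagged name as a trigger for inspecting the router's DNS settings and firmware.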
US Disrupts Russian Espionage Operation Involving Hacked Routers and DNS Hijacking
Why This Matters
State-aligned activity involving APT28 shifts the threat model from criminal to geopolitical — different playbook required.
References
- SecurityWeek. (2026, April 8). US Disrupts Russian Espionage Operation Involving Hacked Routers and DNS Hijacking. SecurityWeek. https://www.securityweek.com/us-disrupts-russian-espionage-operation-involving-hacked-routers-and-dns-hijacking/