US Thwarts DNS Hijacking Network Controlled by Russian APT28 Hackers
The FBI deployed a method to unplug US-based routers compromised by APT28 from the threat actor’s malicious network
APT28 is a cyber-espionage threat group associated with targeted attacks against governments, political organizations, and critical infrastructure.
Search across headline titles and summaries.
Background for this topic.
APT28 is a cyber espionage group linked to Russian military intelligence, known for targeting government, military, and security organizations mainly in Europe and North America. They use custom malware, spear-phishing emails, and occasionally zero-day exploits to infiltrate networks and maintain long-term access for intelligence gathering and influence operations.
Security teams should focus on detecting APT28’s use of specialized backdoors and credential theft tools that enable stealthy lateral movement. Monitoring for targeted spear-phishing campaigns and unusual outbound connections can reveal early compromise signs. Because APT28 sometimes exploits unpatched vulnerabilities, prompt patching and integrating threat intelligence about their tactics are key to limiting exposure and preventing sensitive data loss or operational disruption.
Weekly headline count for the current query.
The FBI deployed a method to unplug US-based routers compromised by APT28 from the threat actor’s malicious network
Newly identified malicious campaigns are linked to virtual private servers modified by APT28 to operate as malicious DNS servers
Russia-linked hacking group Fancy Bear is exploiting a brand-new vulnerability in Microsoft Office, CERT-UA says
The backdoor is a sophisticated VBA-based malware targeting Microsoft Outlook
While “fairly primitive”, APT28’s LameHug was a testbed for future AI-powered attacks, said two MITRE experts during Black Hat USA 2025
NSA, NCSC and allies warn Western tech and logistics firms of Russian APT28 cyber-espionage threat
The French government has criticized Russia’s APT28 group for attacking 12 entities in a long-running espionage campaign
Microsoft has warned of a long-running credential stealing campaign from Russia’s APT28
Trend Micro reported recent attacks focused on government sectors, including foreign affairs, energy, defense and transportation
Notorious Russian APT28 group is actively exploiting CVE-2023-23397 to hijack Exchange email accounts
The attack has been carried out using legitimate services and standard software functions, CERT-UA observed
Tech giant disrupts APT28 but warns of all-out cyber-offensive