US Thwarts DNS Hijacking Network Controlled by Russian APT28 Hackers
The FBI deployed a method to unplug US-based routers compromised by APT28 from the threat actor’s malicious network
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
The FBI deployed a method to unplug US-based routers compromised by APT28 from the threat actor’s malicious network
200 orgs and 5,000 devices compromised so far in Vlad's latest intelligence grab, Microsoft reckons The UK's National Cyber Security Centre (NCSC) has issued a fresh warning about Russia's ongoing targeting of routers to steal passwords and other secrets.…
The Russia-linked threat actor known as APT28 (aka Forest Blizzard) has been linked to a new campaign that has compromised insecure MikroTik and TP-Link routers and modified their settings to turn them into malicious infrastructure under their control as part of a cyber espionage campaign since at least May 2025
Fancy Bear can't keep its claws out of Outlook inboxes The UK government is warning that Russia's APT28 (also known as Fancy Bear or Forest Blizzard) has been deploying previously unknown malware to harvest Microsoft email credentials and steal access to compromised accounts.…
A Russian state-sponsored cyberespionage campaign attributed to APT28 (Fancy Bear/Forest Blizzard) hackers has been targeting and compromising international organizations since 2022 to disrupt aid efforts to Ukraine. [...]
APT28 Used Microsoft Outlook Zero-Day, Governments SaidThe German and Czech governments on Friday disclosed that Russian military intelligence hackers targeted political parties and critical infrastructure as part of an espionage campaign that began last year. "The EU will not tolerate such malicious behavior," the European Union said in a statement.
This blog entry aims to highlight the dangers of internet-facing routers and elaborate on Pawn Storm's exploitation of EdgeRouters, complementing the FBI's advisory from February 27, 2024.
Microsoft Warns APT28's GooseEgg Tool Enables Credential TheftRussian military intelligence hackers are using an 18 month-old vulnerability in the Windows print spooler utility to deploy a custom tool that elevates privileges and steals credentials. Microsoft says it's seen post-compromise activities against Ukrainian, European and North American governments.
The Russia-linked nation-state threat actor tracked as APT28 weaponized a security flaw in the Microsoft Windows Print Spooler component to deliver a previously unknown custom malware called GooseEgg
Putin's pals use 'GooseEgg' malware to launch attacks you can defeat with patches or deletion Russian spies are exploiting a years-old Windows print spooler vulnerability and using a custom tool called GooseEgg to elevate privileges and steal credentials across compromised networks, according to Microsoft Threat Intelligence.…
Russian APT28 military hackers are using compromised Ubiquiti EdgeRouters to evade detection, the FBI says in a joint advisory issued with the NSA, the U.S. Cyber Command, and international partners. [...]