Russia's Forest Blizzard Nabs Rafts of Logins via SOHO Routers
Heard of fileless malware? How about malwareless cyber espionage? Russia's APT28 is spying on global organizations by modifying just one DNS setting in vulnerable routers.
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Heard of fileless malware? How about malwareless cyber espionage? Russia's APT28 is spying on global organizations by modifying just one DNS setting in vulnerable routers.
The FBI deployed a method to unplug US-based routers compromised by APT28 from the threat actor’s malicious network
Hijacking DNS Settings Helps Russian Hackers Decrypt TLS Traffic, Microsoft WarnsHackers tied to Russia's GRU military intelligence agency are compromising SOHO routers to hijack their DNS settings and spy on the cloud activities of high-value government, IT, telecommunications and energy organizations, Microsoft warns.
The Russia-linked threat actor known as APT28 (aka Forest Blizzard) has been linked to a new campaign that has compromised insecure MikroTik and TP-Link routers and modified their settings to turn them into malicious infrastructure under their control as part of a cyber espionage campaign since at least May 2025
Newly identified malicious campaigns are linked to virtual private servers modified by APT28 to operate as malicious DNS servers
Shadow Aeza International Directed Traffic to Malicious AdtechA financially motivated threat actor hacked dozens of domain name system resolvers, connecting them to the infrastructure of a Russian bulletproof hosting service sanctioned by the U.S. Department of Treasury for its criminal links, researchers found.
Over a million domains are susceptible to takeover by malicious actors by means of what has been called a Sitting Ducks attack
Eight-year-old domain hijacking technique still claiming victims Dozens of Russia-affiliated criminals are right now trying to wrest control of web domains by exploiting weak DNS services.…
A new DNS threat actor dubbed Savvy Seahorse is leveraging sophisticated techniques to entice targets into fake investment platforms and steal funds
The threat actor known as ChamelGang has been observed using a previously undocumented implant to backdoor Linux systems, marking a new expansion of the threat actor's capabilities
Russian retail chain 'DNS' (Digital Network System) disclosed yesterday that they suffered a data breach that allegedly exposed the personal information of 16 million customers and employees. [...]
TCP-based, DNS water-torture, and carpet-bombing attacks dominate the DDoS threat landscape, while Ireland, India, Taiwan, and Finland are battered by DDoS attacks resulting from the Russia/Ukraine war.