The report outlines an ongoing Russian cyber operation, conducted primarily by GRU-linked APT28/Fancy Bear, that focuses on intelligence gathering through compromised routers and messaging platforms. Key findings include the manipulation of SOHO routers for DNS hijacking, which allows passive monitoring of traffic without deploying malware. Additionally, phishing attacks target commercial messaging applications like Signal, WhatsApp, and Microsoft 365, aiming to access conversations, contacts, and sensitive communications.
The report emphasizes the strategic targeting of high-value entities, including government officials, military personnel, and journalists, signaling a shift from disruptive tactics to persistent intelligence collection. Recommendations for organizations include securing network infrastructure and enforcing strict hygiene for messaging platforms to mitigate risks.