The UK National Cyber Security Centre (NCSC) has issued an advisory exposing the Russian cyber group APT28 for hijacking vulnerable internet routers to carry out Domain Name System (DNS) hijacking attacks. DNS hijacking lets the attackers reroute internet traffic to malicious servers, intercept user data such as passwords and access tokens, and harvest sensitive information. The advisory suggests that APT28's actions are opportunistic, initially targeting a broad audience before focusing on specific intelligence interests.
The NCSC emphasizes the importance of network security, urging organizations to implement mitigation strategies against these types of attacks and to keep their systems up to date. APT28 is linked to Russia’s GRU and has a prior history of advanced malware and targeted cyber campaigns.