Apt28

threat-intelligence 2026-04-08
APT28's FrostArmada Hijacked 18,000 SOHO Routers to Steal Microsoft 365 Credentials — FBI Disrupts Operation
Russia-linked APT28 compromised 18,000 MikroTik and TP-Link routers across 120 countries to hijack DNS and steal Microsoft 365 OAuth tokens. FBI disrupts the operation.
apt28 dns-hijacking soho-routers microsoft-365 oauth espionage fbi ncsc

APT28's FrostArmada Hijacked 18,000 SOHO Routers to Steal Microsoft 365 Credentials — FBI Disrupts Operation