Dns-Hijacking

threat-intelligence 2026-04-08
APT28's FrostArmada Hijacked 18,000 SOHO Routers to Steal Microsoft 365 Credentials — FBI Disrupts Operation
Russia-linked APT28 compromised 18,000 MikroTik and TP-Link routers across 120 countries to hijack DNS and steal Microsoft 365 OAuth tokens. FBI disrupts the operation.
apt28 dns-hijacking soho-routers microsoft-365 oauth espionage fbi ncsc
vulnerabilities 2026-04-02 Critical
CVE-2026-0625: Unauthenticated RCE via DNS Config Endpoint Hits Millions of End-of-Life D-Link Routers
A critical command injection flaw in the dnscfg.cgi endpoint of legacy D-Link DSL, DIR, and DNS devices enables unauthenticated RCE — with no patches coming and active exploitation dating back to November 2025.
d-link router zero-day cve-2026-0625 command-injection dns-hijacking eoл botnet

APT28's FrostArmada Hijacked 18,000 SOHO Routers to Steal Microsoft 365 Credentials — FBI Disrupts Operation