Authorities disrupt router DNS hijacks used to steal Microsoft 365 logins
Summary
Law enforcement agencies, in collaboration with private sector partners, have successfully dismantled FrostArmada, a cybercrime operation by APT28. The campaign involved hijacking the DNS settings of vulnerable MikroTik and TP-Link routers to redirect users and steal Microsoft 365 login credentials.
IFF Assessment
FRIEND
This is good news for defenders as a significant threat actor campaign targeting a common attack vector has been disrupted.
Defender Context
This operation highlights the ongoing threat posed by compromised network devices, particularly routers, as an entry point for credential theft. Defenders should prioritize securing network edge devices through regular patching, strong authentication, and network segmentation to prevent similar hijacking attempts.
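As an added example that is not part of the original brief, the following defender-side check covers the two symptoms of a router DNS hijack like the one described above: a router handing out resolvers that are not the organization's own, and Microsoft 365 sign-in hostnames resolving to addresses a trusted resolver does not return. Router names, resolver addresses and answers are all constructed (RFC 5737 documentation ranges), and the snapshot format is an assumption for the example.

```python
from dataclasses import dataclass

# Constructed for this example: the resolvers the organization expects its
# routers to hand out, and the answers a trusted resolver gives for the
# Microsoft 365 sign-in hostnames (RFC 5737 documentation addresses).
APPROVED_RESOLVERS = {"10.0.0.53", "10.0.1.53"}
TRUSTED_ANSWERS = {
    "login.microsoftonline.com": {"203.0.113.10", "203.0.113.11"},
    "login.microsoft.com": {"203.0.113.20"},
    "login.live.com": {"203.0.113.30"},
}

@dataclass
class RouterSnapshot:
    """What an audit pulled from one router: its configured upstream DNS servers
    and the A records its resolver returned for each monitored hostname."""
    name: str
    dns_servers: list[str]
    answers: dict[str, set[str]]

def check_router(snap: RouterSnapshot, trusted: dict[str, set[str]]) -> list[str]:
    """Return one finding per hijack symptom; an empty list means the router is clean."""
    findings = []
    rogue = [ip for ip in snap.dns_servers if ip not in APPROVED_RESOLVERS]
    if rogue:
        findings.append(f"{snap.name}: unapproved DNS servers configured: {', '.join(rogue)}")
    for host, expected in trusted.items():
        seen = snap.answers.get(host, set())
        if not seen:
            continue  # no answer captured for this host; nothing to compare
        unexpected = seen - expected
        if unexpected:
            findings.append(f"{snap.name}: {host} resolves to {sorted(unexpected)}, "
                            f"which the trusted resolver does not return")
    return findings

# Constructed snapshots: one healthy router and one whose DNS has been swapped.
CLEAN = RouterSnapshot("edge-rtr-01", ["10.0.0.53", "10.0.1.53"],
                       {"login.microsoftonline.com": {"203.0.113.10"}})
HIJACKED = RouterSnapshot("branch-rtr-07", ["198.51.100.53", "10.0.0.53"],
                          {"login.microsoftonline.com": {"198.51.100.80"},
                           "login.live.com": {"203.0.113.30"}})

if __name__ == "__main__":
    for snap in (CLEAN, HIJACKED):
        for line in check_router(snap, TRUSTED_ANSWERS) or [f"{snap.name}: no findings"]:
            print(line)
```

In practice the snapshots would be filled from a periodic export of each router's DNS configuration and a scripted lookup through it, with the trusted answers refreshed from a resolver the routers cannot influence.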