US Disrupts Russian Espionage Operation Involving Hacked Routers and DNS Hijacking
Summary
The US has disrupted a Russian espionage operation that leveraged compromised TP-Link and MikroTik routers. The operation involved adversary-in-the-middle (AitM) attacks and DNS hijacking, likely carried out by the APT28 threat group.
IFF Assessment
FOE
This is bad news for defenders as it highlights a sophisticated state-sponsored attack using compromised infrastructure and common network devices to conduct espionage.
Defender Context
This incident underscores the persistent threat of state-sponsored actors exploiting network device vulnerabilities and using DNS hijacking for malicious purposes. Defenders should prioritize securing network edge devices, maintaining up-to-date firmware, and implementing robust DNS security measures to detect and prevent similar attacks.
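One concrete form the "robust DNS security measures" advice can take is an out-of-band consistency check: compare the resolvers an edge device is actually handing out against an approved list, and compare the answers the local resolver returns for a few key hostnames against a trusted resolver queried over a separate path. The Python below is an added illustration, not code from the report or from any of the vendors or groups it names; the device configuration text, the approved-resolver list, and the answer sets are all constructed sample data (RFC 5737 documentation addresses), and the function names are hypothetical.

```python
"""Offline checks for DNS-hijack indicators on a network edge (constructed example)."""
import ipaddress
import re
from typing import Dict, List, Set

# Constructed sample of DNS-related lines as they might be exported from a
# router's DHCP/DNS configuration. Not taken from any real device.
SAMPLE_RESOLVER_CONFIG = """\
# hypothetical router DHCP/DNS options (constructed)
option domain-name-servers 192.0.2.53, 198.51.100.7;
nameserver 192.0.2.53
nameserver 203.0.113.99
"""

# Constructed allowlist: the resolvers this network is supposed to use.
APPROVED_RESOLVERS: Set[str] = {"192.0.2.53", "198.51.100.7"}

# Constructed answers: what the on-network resolver returned for key hosts,
# versus what a trusted resolver reached out-of-band returned for the same names.
LOCAL_ANSWERS: Dict[str, Set[str]] = {
    "mail.example.com": {"198.51.100.20"},
    "login.example.com": {"203.0.113.44"},
    "www.example.com": {"192.0.2.10", "192.0.2.11"},
}
TRUSTED_ANSWERS: Dict[str, Set[str]] = {
    "mail.example.com": {"198.51.100.20"},
    "login.example.com": {"198.51.100.30"},
    "www.example.com": {"192.0.2.11"},
}

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def extract_resolvers(config_text: str) -> Set[str]:
    """Collect every valid IPv4 literal on a nameserver / DNS-option line."""
    found: Set[str] = set()
    for line in config_text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        if "nameserver" in stripped or "domain-name-servers" in stripped:
            for candidate in IPV4_RE.findall(stripped):
                try:
                    ipaddress.IPv4Address(candidate)  # drops e.g. 999.1.1.1
                except ipaddress.AddressValueError:
                    continue
                found.add(candidate)
    return found


def unapproved_resolvers(config_text: str, approved: Set[str]) -> Set[str]:
    """Resolvers present on the device that are not on the allowlist."""
    return extract_resolvers(config_text) - approved


def compare_answers(local: Dict[str, Set[str]], trusted: Dict[str, Set[str]]) -> List[str]:
    """Names whose local answers share no address with the trusted resolver's.

    Requiring *any* overlap rather than exact equality keeps CDN rotation from
    producing false positives while still catching a fully redirected name.
    """
    return sorted(
        name for name, addrs in local.items()
        if name in trusted and not (addrs & trusted[name])
    )


if __name__ == "__main__":
    rogue = unapproved_resolvers(SAMPLE_RESOLVER_CONFIG, APPROVED_RESOLVERS)
    print("resolvers not on allowlist:", sorted(rogue))
    print("names with divergent answers:", compare_answers(LOCAL_ANSWERS, TRUSTED_ANSWERS))
```

Run on the constructed data, the first check flags 203.0.113.99 as a resolver the device should not be handing out, and the second flags login.example.com as the one name whose local answer has no overlap with the trusted one. In practice the "trusted" answers would come from a resolver reached over a path the edge device cannot touch (for example a management VPN or a mobile link), and the checks would be scheduled against exported device configs rather than hard-coded strings.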