Close Menu

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    What's Hot

    Helping small businesses with free, hands-on cyber consultancy

    July 15, 2026

    US charges alleged operators of Russian bulletproof hosting service

    July 15, 2026

    Microsoft July 2026 Patch Tuesday fixes massive 570 flaws, 3 zero-days

    July 14, 2026
    Facebook X (Twitter) Instagram
    • Demos
    • Technology
    • Gaming
    • Buy Now
    Facebook X (Twitter) Instagram Pinterest Vimeo
    Canadian Cyber WatchCanadian Cyber Watch
    • Home
    • News
    • Alerts
    • Tips
    • Tools
    • Industry
    • Incidents
    • Events
    • Education
    Subscribe
    Canadian Cyber WatchCanadian Cyber Watch
    Home»News»APT28 exploit routers to enable DNS hijacking operations | National Cyber Security Centre
    News

    APT28 exploit routers to enable DNS hijacking operations | National Cyber Security Centre

    adminBy adminApril 7, 2026No Comments2 Mins Read
    Share Facebook Twitter Pinterest LinkedIn Tumblr Reddit Telegram Email
    Share
    Facebook Twitter LinkedIn Pinterest Email


    The AitM activity could be conducted against both user browser sessions and desktop applications. Harvested authentication material could include both passwords and OAuth or similar authentication tokens. Subsequent malicious logins using this stolen data may originate from further infrastructure not listed in this advisory.

    It is believed that the DNS hijacking operations are opportunistic in nature, with the actor gaining visibility of a large pool of candidate target users then filtering down users at each stage in the exploitation chain to triage for victims of likely intelligence value.

    TP-Link router exploitation

    One of the router models that APT28 exploited for their DNS poisoning operations was the TP-Link WR841N, likely using CVE-2023-50224 [T1584.008, T1588.006]. This vulnerability enables an unauthenticated attacker to obtain information such as password credentials via specially crafted HTTP GET requests.

    Having obtained the credentials for a router, the actor was then able to send a second specially crafted HTTP GET request to alter the DHCP DNS settings of that router.

    The GET request would typically set the router’s primary DNS server to a malicious IP address, whilst also setting the secondary DNS server to the original primary DNS server’s IP address. On occasion both the primary and secondary DNS server had been set to malicious IP addresses, indicating that a router had likely been exploited multiple times.

    Other TP-Link router models were also targeted by APT28 to enable their DNS hijacking operations.  A list can be found in the Indicators of Compromise section.
     



    Source link

    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
    Previous ArticleZDI-26-234: Digilent DASYLab DSA File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
    Next Article CVE-2026-4788 | THREATINT
    admin
    • Website

    Related Posts

    News

    Helping small businesses with free, hands-on cyber consultancy

    July 15, 2026
    News

    US charges alleged operators of Russian bulletproof hosting service

    July 15, 2026
    News

    Microsoft July 2026 Patch Tuesday fixes massive 570 flaws, 3 zero-days

    July 14, 2026
    Add A Comment

    Comments are closed.

    Demo
    Top Posts

    Catchy & Intriguing

    March 17, 202677 Views

    The Canadian Password Playbook: Navigating Compliance and Building Strong Passwords

    March 25, 202634 Views

    IP Address Investigations and Local OSINT

    March 20, 202634 Views
    Stay In Touch
    • Facebook
    • YouTube
    • TikTok
    • WhatsApp
    • Twitter
    • Instagram
    Latest Reviews
    85
    Featured

    Pico 4 Review: Should You Actually Buy One Instead Of Quest 2?

    January 15, 2021 Featured
    8.1
    Uncategorized

    A Review of the Venus Optics Argus 18mm f/0.95 MFT APO Lens

    January 15, 2021 Uncategorized
    8.9
    Editor's Picks

    DJI Avata Review: Immersive FPV Flying For Drone Enthusiasts

    January 15, 2021 Editor's Picks

    Subscribe to Updates

    Get the latest tech news from FooBar about tech, design and biz.

    Demo
    Most Popular

    Catchy & Intriguing

    March 17, 202677 Views

    The Canadian Password Playbook: Navigating Compliance and Building Strong Passwords

    March 25, 202634 Views

    IP Address Investigations and Local OSINT

    March 20, 202634 Views
    Our Picks

    Helping small businesses with free, hands-on cyber consultancy

    July 15, 2026

    US charges alleged operators of Russian bulletproof hosting service

    July 15, 2026

    Microsoft July 2026 Patch Tuesday fixes massive 570 flaws, 3 zero-days

    July 14, 2026

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    Facebook X (Twitter) Instagram Pinterest
    • Home
    • Technology
    • Gaming
    • Phones
    • Buy Now
    © 2026 ThemeSphere. Designed by ThemeSphere.

    Type above and press Enter to search. Press Esc to cancel.