VulnHub

Real-time Cybersecurity News

Russian APT28 Hackers Hijack Routers to Steal Credentials, UK Security Agency Warns

Infosecurity Magazine
Actively Exploited
Malware

Overview

The UK security agency has issued a warning about a new series of cyberattacks linked to the Russian hacking group APT28. These attackers are modifying virtual private servers to function as malicious DNS servers, which they then use to hijack routers. This tactic allows them to steal user credentials and potentially gain access to sensitive information. The implications of these attacks are significant, as they could affect a wide range of internet users and organizations relying on compromised routers for secure connections. Users are advised to ensure their router firmware is up-to-date and to monitor their networks for any suspicious activity.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Routers, DNS servers
  • Action Required: Update router firmware and monitor network activity for suspicious behavior.
  • Timeline: Newly disclosed

Original Article Summary

Newly identified malicious campaigns are linked to virtual private servers modified by APT28 to operate as malicious DNS servers

Impact

Routers, DNS servers

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Update router firmware and monitor network activity for suspicious behavior.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Malware.

Read Original Article

Related Coverage

The New Rules of Engagement: Matching Agentic Attack Speed

SecurityWeek

The article discusses the urgent need for a complete overhaul of cybersecurity strategies in response to threats posed by AI-enabled nation-state actors. Current incremental approaches are deemed insufficient against the rapid evolution of these threats. The author emphasizes that organizations must adopt architectural changes to effectively counteract the speed and sophistication of attacks. This shift is crucial for national security and the protection of sensitive information across various sectors. The piece calls for a proactive stance that goes beyond traditional methods, urging stakeholders to rethink their cybersecurity frameworks to stay ahead of potential adversaries.

Apr 7, 2026

Russian hackers hijack internet traffic using vulnerable routers

Help Net Security

The UK’s National Cyber Security Centre (NCSC) has issued a warning about the Russian cyber group APT28, which is reportedly hijacking internet traffic by compromising vulnerable routers. The attackers manipulate DHCP and DNS settings to redirect user traffic through their own servers, allowing them to spy on victims. This activity is linked to the GRU's Military Intelligence Unit 26165. Organizations and individuals using susceptible routers may be at risk, making it crucial for them to secure their devices against such exploits. The ongoing activity highlights the need for constant vigilance in network security, especially when it comes to maintaining router configurations.

Apr 7, 2026

Critical Flowise Vulnerability in Attacker Crosshairs

SecurityWeek

A serious vulnerability has been discovered in Flowise that allows attackers to run arbitrary JavaScript code, which could lead to unauthorized access to a user's file system. This issue stems from improper validation of user-supplied code, making it a significant risk for users and organizations relying on Flowise. If exploited, attackers could manipulate data or install malicious software, raising concerns about data integrity and security. Users need to be aware of this vulnerability and take steps to secure their systems. Immediate action is necessary to prevent potential breaches and safeguard sensitive information.

Apr 7, 2026

Docker CVE-2026-34040 Lets Attackers Bypass Authorization and Gain Host Access

The Hacker News

A serious vulnerability in Docker Engine, identified as CVE-2026-34040, has been reported that allows attackers to bypass authorization plugins under certain conditions. This flaw has a high severity rating, with a CVSS score of 8.8, and it is rooted in an incomplete fix for a previous vulnerability, CVE-2024-41110, which was disclosed in July 2024. This means that systems relying on Docker for container management could be at risk, potentially allowing unauthorized access to the host system. Organizations using Docker should take immediate action to assess their exposure and implement necessary security measures. The implications of this vulnerability are significant, as it could lead to unauthorized actions on affected systems, compromising sensitive data and operations.

Apr 7, 2026

Windows zero-day vulnerability 'BlueHammer' exploit code released

SCM feed for Latest

A new privilege escalation vulnerability, dubbed 'BlueHammer', has been identified in Windows operating systems. This flaw, which merges a time-of-check to time-of-use (TOCTOU) vulnerability with path confusion, allows attackers to gain higher-level access to systems. Users of affected Windows versions are particularly at risk, as this could enable unauthorized actions that compromise system security. The release of exploit code for BlueHammer raises concerns about its potential use in cyberattacks, making it crucial for organizations to address this vulnerability promptly. Keeping systems updated and applying any available patches will be essential to mitigate the risks associated with this flaw.

Apr 7, 2026

Uffizi Galleries cyberattack: Data stolen, backups restore archive

SCM feed for Latest

In February 2026, the Uffizi Galleries, a renowned art museum in Florence, Italy, fell victim to a cyberattack that resulted in the theft of its complete photographic archive. The attack raised significant concerns about the security of cultural institutions, which often hold invaluable collections. The museum has since managed to restore its archive using backups, but the incident raises questions about the adequacy of cybersecurity measures in place to protect sensitive data. Such breaches not only threaten the integrity of cultural heritage but also expose institutions to potential reputational damage and financial losses. This incident serves as a stark reminder for museums and similar organizations to bolster their cybersecurity defenses.

Apr 7, 2026