US Thwarts DNS Hijacking Network Controlled by Russian APT28 Hackers
Overview
The FBI has successfully disrupted a network of DNS hijacking attacks linked to the Russian hacking group APT28. This group, also known as Fancy Bear, has been known for targeting various sectors, including government and military organizations. The FBI's action involved disconnecting US-based routers that had been compromised, effectively cutting them off from APT28's control. This incident underscores the ongoing threat posed by foreign cyber actors to US infrastructure and services. By taking these routers offline, the FBI aims to protect users from being redirected to malicious sites that could steal sensitive information or install malware.
Key Takeaways
- Active Exploitation: The compromised routers were being actively used by attackers for DNS hijacking. Immediate action is recommended.
- Affected Systems: US-based routers, DNS services
- Action Required: FBI disconnected compromised routers from the malicious network; users should ensure their routers are secured and updated.
- Timeline: Disclosed in October 2023
Original Article Summary
The FBI deployed a method to unplug US-based routers compromised by APT28 from the threat actor's malicious network.
Impact
US-based routers, DNS services
Exploitation Status
This threat is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching their routers or implementing workarounds immediately.
Timeline
Disclosed in October 2023
Remediation
FBI disconnected compromised routers from the malicious network; users should ensure their routers are secured and updated.
Additional Information
This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.
Related Topics: This incident relates to Malware.