Inside the FBI’s router takedown that cut off APT28’s ‘tremendous access’

CyberScoop
Actively Exploited

Overview

The FBI has taken significant action against the Russian hacking group APT28, which is linked to the GRU, the Russian military intelligence agency. This operation targeted routers that APT28 had compromised, allowing them to access a range of networks. According to Brett Leatherman, the FBI's cyber chief, this group's ability to propagate attacks from routers made their threat particularly concerning. By disrupting this access, the FBI aims to protect various organizations from potential espionage and data breaches. This incident underscores the persistent risk posed by state-sponsored cyber actors and highlights the importance of securing network infrastructure to prevent similar intrusions in the future.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Routers, network devices
  • Action Required: Organizations should ensure their routers are updated to the latest firmware, implement strong security configurations, and regularly monitor network traffic for unusual activity.
  • Timeline: Ongoing

Original Article Summary

FBI cyber chief Brett Leatherman told CyberScoop the Russian GRU campaign was unique in how it could propagate from routers to beyond.

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Related Coverage

Healthcare IT solutions provider ChipSoft hit by ransomware attack

BleepingComputer

ChipSoft, a Dutch healthcare software provider, has been hit by a ransomware attack that has disrupted its online services. The attack forced the company to take its website and digital services offline, affecting both patients and healthcare providers who rely on their systems for medical information and services. This incident raises concerns about the security of healthcare IT systems, especially as they handle sensitive patient data. The downtime could lead to delays in patient care and disrupt operations for healthcare professionals. As ransomware attacks continue to pose a significant threat to the healthcare sector, this incident serves as a reminder of the vulnerabilities present in digital health infrastructure.

Apr 9, 2026

EngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto Wallets

The Hacker News

A recently patched vulnerability in the EngageLab SDK, a third-party software development kit used in many Android applications, has potentially exposed the private data of around 50 million users, including 30 million cryptocurrency wallet holders. The flaw allowed apps on the same device to bypass Android's security measures, enabling unauthorized access to sensitive information. This incident raises significant concerns about the security of users' cryptocurrency assets, as the compromised data could have led to theft or fraud. Developers using the EngageLab SDK are urged to update their applications to protect users from potential attacks. The vulnerability was identified and addressed, but users should remain vigilant about app permissions and security practices.

Apr 9, 2026

Do Ceasefires Slow Cyberattacks? History Suggests Not

darkreading

The cybersecurity community is closely observing whether Iranian hackers will adhere to a ceasefire that does not specifically mention them. Historically, ceasefires in geopolitical conflicts have not significantly impacted the frequency of cyberattacks. Experts suggest that despite a temporary halt in physical hostilities, cyber operations often continue unabated. This raises concerns for organizations and governments that might be targeted by Iranian cyber actors, as they may not feel bound by such agreements. The situation underscores the ongoing risk that cyber threats pose, irrespective of diplomatic efforts.

Apr 9, 2026

Smart Slider updates hijacked to push malicious WordPress, Joomla versions

BleepingComputer

Hackers have compromised the update system for the Smart Slider 3 Pro plugin, which is used in WordPress and Joomla websites. These attackers managed to distribute a malicious version of the plugin that contains multiple backdoors, allowing them to access and control affected sites. This incident puts users of both platforms at risk, as the malicious code can lead to data breaches and unauthorized actions on their websites. Website administrators should be particularly vigilant, as the compromised update could have far-reaching consequences if not addressed promptly. Users are strongly advised to check their installations and update to the latest secure versions to mitigate any potential damage.

Apr 9, 2026

Sensitive LAPD documents reportedly leaked online by World Leaks

SCM feed for Latest

Sensitive documents from the Los Angeles Police Department have reportedly been leaked online by a group known as World Leaks. The breach has exposed around 7.7 terabytes of data, which includes over 337,000 files. This incident raises serious concerns about the security of law enforcement data and the potential implications for public safety and privacy. With such a large volume of sensitive information now accessible, there is a heightened risk of misuse or further exploitation. The LAPD and other authorities will need to take immediate action to assess the extent of the breach and protect against future incidents.

Apr 9, 2026

Dutch healthcare software vendor ChipSoft hit by ransomware attack

SCM feed for Latest

On April 7, 2026, ChipSoft, a healthcare software vendor based in the Netherlands, suffered a ransomware attack that has been confirmed by Z-CERT, the country's computer emergency response team for the healthcare sector. This incident raises serious concerns about the security of healthcare data, as ransomware attacks can disrupt medical services and compromise sensitive patient information. The attack's timing is particularly alarming given the essential role that healthcare software plays in patient care and operations. Authorities are likely working to assess the full impact of the breach and to assist affected healthcare providers in managing the fallout. This incident underscores the ongoing vulnerabilities in the healthcare sector regarding cybersecurity threats.

Apr 9, 2026