8.5 CRITICAL

Russia's Forest Blizzard Nabs Rafts of Logins via SOHO Routers

9 April 2026 at 01:00 UTC, Dark Reading

Heard of fileless malware? How about malwareless cyber espionage? Russia's APT28 is spying on global organizations by modifying just one DNS setting in vulnerable routers.

AI Briefing: Auto-generated threat analysis

Threat Overview

APT28 is using a novel technique to compromise global organizations: by modifying a single DNS setting in vulnerable SOHO routers, the group can steal logins without deploying malware.

Technical Details
Affected Systems: SOHO routers
Attack Vectors: DNS setting modification

Impact Assessment
Severity: H
Who Is at Risk: Global organizations with vulnerable SOHO routers

Recommended Actions
1. Regularly update and patch SOHO router firmware
2. Implement DNS security measures, such as DNSSEC
3. Conduct network segmentation to limit lateral movement

Affected Products
Netgear R7000
Linksys EA6350

This is a curated summary. The complete article is available at Dark Reading.
