TTPwire Vol. 1 · MITRE ATT&CK · Tagged


Infosecurity Magazine

Russian APT28 Hackers Hijack Routers to Steal Credentials, UK Security Agency Warns

2026-04-07

ATT&CK techniques detected

4 predictions
T1190 · Exploit Public-Facing Application · 78%
"Russian APT28 hackers hijack routers to steal credentials, UK security agency warns. Russian hacking group APT28 has been exploiting vulnerable internet routers to redirect traffic through attacker-controlled servers and steal credentials from targeted organizations, the UK gove…"

T1190 · Exploit Public-Facing Application · 43%
"was likely exploited using CVE-2023-50224, a vulnerability that enables an unauthenticated attacker to obtain information such as password credentials via specially crafted HTTP GET requests. These settings were subsequently inherited by downstream devices, for example laptop…"

T1584.008 · Network Devices · 42%
"chain to triage for “victims of likely intelligence value.” The UK government associates APT28 “almost certainly” to the Russian General Staff Main Intelligence Directorate’s (GRU) 85th Main Special Service Centre (GTsSS) military intelligence unit 26165, is known under…"

T1557.001 · Name Resolution Poisoning and SMB Relay · 37%
"was likely exploited using CVE-2023-50224, a vulnerability that enables an unauthenticated attacker to obtain information such as password credentials via specially crafted HTTP GET requests. These settings were subsequently inherited by downstream devices, for example laptop…"

Summary

Newly identified malicious campaigns are linked to virtual private servers modified by APT28 to operate as malicious DNS servers