Russian State-Linked APT28 Exploits SOHO Routers in Global DNS Hijacking Campaign

APT28, a Russian state-linked cyber threat actor, has initiated a global campaign targeting insecure MikroTik and TP-Link routers. The operation involves modifying router settings to establish malicious infrastructure for cyber espionage purposes. This campaign has been active since at least May 2025.

This briefing snippet has been strictly truncated for global aggregation. Operators must securely establish a dedicated intelligence uplink below to access the full operational report exactly as authored by the origin network.