惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Simon Willison's Weblog
Simon Willison's Weblog
T
Troy Hunt's Blog
L
Lohrmann on Cybersecurity
S
Schneier on Security
Spread Privacy
Spread Privacy
WordPress大学
WordPress大学
阮一峰的网络日志
阮一峰的网络日志
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
G
GRAHAM CLULEY
博客园 - 【当耐特】
有赞技术团队
有赞技术团队
SecWiki News
SecWiki News
博客园 - 叶小钗
博客园 - Franky
V
Vulnerabilities – Threatpost
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
O
OpenAI News
小众软件
小众软件
V
V2EX
N
News and Events Feed by Topic
T
The Exploit Database - CXSecurity.com
博客园 - 三生石上(FineUI控件)
The Hacker News
The Hacker News
Project Zero
Project Zero
The Last Watchdog
The Last Watchdog
雷峰网
雷峰网
Google Online Security Blog
Google Online Security Blog
T
Tailwind CSS Blog
C
Cyber Attacks, Cyber Crime and Cyber Security
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
量子位
D
Docker
Recent Announcements
Recent Announcements
T
Threat Research - Cisco Blogs
P
Privacy International News Feed
爱范儿
爱范儿
PCI Perspectives
PCI Perspectives
Jina AI
Jina AI
博客园 - 司徒正美
云风的 BLOG
云风的 BLOG
大猫的无限游戏
大猫的无限游戏
V2EX - 技术
V2EX - 技术
H
Hackread – Cybersecurity News, Data Breaches, AI and More
The Register - Security
The Register - Security
T
The Blog of Author Tim Ferriss
博客园 - 聂微东
Cloudbric
Cloudbric
S
Security Affairs
F
Fortinet All Blogs

Cybersecurity Dive - Latest News

Dozens of Red Hat npm packages targeted in supply chain attack Turning tension into collaboration: How CIOs and CISOs can lead together Trump signs EO seeking early government access to powerful AI models Anthropic shares Mythos with 150 more organizations, including critical infrastructure operators Without strong governance, companies put credit ratings at risk in AI era CISA adds critical Palo Alto Networks firewall flaw to KEV as company, researchers warn of exploitation How Canva scaled to 260+M users while elevating security and productivity Top 4 data security best practices for the AI-enabled enterprise CISA urges security teams to check for software development compromises How CISOs can manage sovereign-cloud security risks IBM’s new $5B initiative will help enterprises rapidly patch open-source vulnerabilities Enterprise data is creeping its way into shadow AI tools Coordinated operation takes down Glassworm botnet Leading AI models are more vulnerable to malicious prompts than vendors claim Iranian government, not hacktivist group, breached LA Metro system, security firm says FBI warns about PhaaS platform used to access Microsoft 365 environments Iran-linked hackers target key US, allied sectors with sophisticated spear-phishing messages New York regulator calls for additional cyber mitigation amid heightened threat environment CISA asks cybersecurity community to alert it to vulnerability exploitation Grafana Labs links GitHub environment breach to TanStack npm supply chain attack 7-Eleven hit by data breach Microsoft disrupts cybercrime operation that hid behind legitimate software Compromised coding tool helped hackers breach thousands of GitHub repositories Telecom sector launches its own private ISAC Patch bypass allows hackers to exploit prior flaw in SonicWall SSL-VPN Grafana Labs says hacker gained access to codebase through leaked token How a government contest launched a revolution in AI-based bug hunting Attackers exploit critical flaw in Cisco Catalyst SD-WAN Controller MSPs need AI to fight AI-fueled cyberthreats: Guardz More money is going to physical security, but it’s often CISOs that oversee it: EY Frontier AI models reap rapid discovery of security vulnerabilities West Pharmaceutical starts restoring operations after ransomware attack Foxconn confirms cyberattack affecting some North American facilities OpenAI launches Daybreak to combat cyber threats Canvas owner reaches ‘agreement’ with threat actors after data breach Guardrail Technologies launches Traffic Light for Code & AI™; first security technology to verify & secure AI code and the people creating it Identity takes center stage as a leading factor in enterprise cyberattacks AI and an absent government: Takeaways from RSAC 2026 Second Canvas data breach causes major disruptions for schools, colleges AI used to develop working zero-day exploit, researchers warn New cybersecurity industry alliance aims to lead US critical infrastructure protection Identity is the new perimeter as rapid NHI proliferation threatens visibility and control Instructure confirms cybersecurity incident Anthropic’s Claude used in attempted compromise of Mexican water utility Businesses hide vast majority of ransomware attacks, report finds Palo Alto Networks warns state-linked cluster behind zero-day exploitation Businesses eager but unprepared for AI to transform their security strategies Iran-sponsored threat group behind false flag social engineering campaign NIST will test three major tech firms’ frontier AI models for cybersecurity risks Trellix investigating breach of source code repository CISA urges critical infrastructure firms to ‘fortify’ before it’s too late Critical vulnerability in cPanel leads to widespread exploitation New MOVEit vulnerabilities prompt urgent patch warning How OpenClaw’s agent skills become an attack surface White House questions tech industry on defensive AI use, cybersecurity resilience As email phishing evolves, malicious attachments decline and QR codes surge US and allies urge ‘careful adoption’ of AI agents PwC partners with Google Cloud to take on the managed security market US agencies promote zero-trust practices for operational technology networks CISA adds Microsoft, ConnectWise vulnerabilities to active exploitation catalog State CISOs losing confidence in ability to manage cyber risks ‘Fundamental tension’ undermines manufacturers’ cybersecurity North Korea-linked actor targets Web3 execs in social-engineering campaign US, UK authorities warn that Firestarter backdoor malware survives patching Major critical infrastructure supplier reports cyberattack When security becomes the attack surface: Why endpoint protection must evolve Hasbro expects March cyberattack to impact second-quarter revenue AI-written software creates hassles for wary security teams Iran-nexus threat groups refine attacks against critical infrastructure China disguises cyberattacks with ‘covert network’ botnets, US and allies warn Trump’s CISA director pick withdraws after tumultuous nomination Phishing — sometimes with AI’s help — topped initial-access methods in Q1, Cisco says Microsoft SharePoint vulnerability widely exposed across multiple countries CISA urges security teams to view environments following axios compromise Big banks seek to ease security worries as AI push accelerates CISA confirms exploitation of 3 more Cisco networking device vulnerabilities Stellantis teams with Microsoft to strengthen digital capabilities Vulnerability exploitation surges often precede disclosure, offering possible early warnings Vercel systems targeted after third-party tool compromised Beyond IT: Cybersecurity is a strategic business risk TP-Link routers face exploitation attempt linked to high-severity flaw US joins nearly two dozen other countries in striking back against DDoS-for-hire platforms CIOs fret over rising security concerns amid AI adoption CISA cancels prestigious summer internships, citing government shutdown NIST limits vulnerability analysis as CVE backlog swells Medium-severity flaw in Microsoft SharePoint exploited FCC exempts Netgear from foreign router ban FCC signals continued commitment to Cyber Trust Mark program Brute-force cyberattacks originating in Middle East surge in Q1 CISOs see gaps in their incident response playbooks US, Indonesia shut down ‘sophisticated’ phishing kit Nearly 4K industrial control devices vulnerable to Iran-linked hacking campaign Stryker warns of earnings fallout from March cyberattack NERC is ‘actively monitoring the grid’ following Iran-linked cyber threat CISA adds second critical flaw in Ivanti EPMM to exploited vulnerabilities catalog Iran-linked hackers target water, energy in US, FBI and CISA warn React2Shell vulnerability helps hackers steal credentials, AI platform keys and other sensitive data Olympic Games, FIFA World Cup offer huge platforms, rich cyberattack surface Threat cluster launches extortion campaign using social engineering CISA’s vulnerability scans, field support on chopping block in Trump budget
US operation evicts Russia from hacked SOHO routers used to breach critical infrastructure
Eric Geller · 2026-04-08 · via Cybersecurity Dive - Latest News

The Justice Department on Tuesday announced that it had stopped Russia’s military intelligence agency from using hacked U.S. routers to maliciously redirect internet traffic and steal data from victims that include governments and critical infrastructure operators.

Operatives of the Russian GRU have spent several years breaking into TP-Link small office and home office (SOHO) routers around the world and reconfiguring them to send DNS requests through Kremlin-controlled servers, which allowed Moscow to collect internet traffic and even passwords, emails and other sensitive information from victim networks. In response, the FBI launched “Operation Masquerade,” sending commands to hacked routers that collected forensic data and reset their DNS settings to erase Russia’s foothold in the devices.

DOJ announced the operation hours after Microsoft revealed Russia’s abuse of SOHO routers. “For nation-state actors like Forest Blizzard,” Microsoft said, “DNS hijacking enables persistent, passive visibility and reconnaissance at scale.”

Microsoft said it had evidence that the GRU hacking group — which researchers have dubbed APT28, Fancy Bear and Forest Blizzard — had been breaking into SOHO routers since at least August 2025. Federal prosecutors said the campaign had been ongoing since at least 2024.

In some cases, Microsoft and the government said, Russia used its access to victim networks to conduct adversary-in-the-middle (AiTM) attacks on secure connections to the Outlook email platform. “An automated filtering process” helped Russia select potentially high-value DNS requests to intercept, federal prosecutors said.

Hijacking DNS traffic to spoof Outlook and other widely used online services “enables the interception of cloud-hosted content,” Microsoft said, “impacting numerous sectors including government, information technology (IT), telecommunications, and energy — all usual targets for this actor.” The company said it had observed the hackers stealing data from “at least three government organizations in Africa.”

Russia’s broad access to compromised routers could help it dramatically scale up its adversary-in-the-middle attacks, Microsoft researchers warned. “Targeting SOHO devices is not a new tactic, technique, or procedure (TTP) for Russian military intelligence actors, but this is the first time Microsoft has observed Forest Blizzard using DNS hijacking at scale to support AiTM of TLS connections after exploiting edge devices.”

The hackers could also use their access to routers for purposes other than information collection, Microsoft said, including delivering malware or conducting denial-of-service attacks. The company said it had not seen that activity so far.

Urgent recommendations to router owners

Businesses can avoid falling victim to similar attacks by upgrading their routers’ firmware, verifying their DNS settings, firewalling remote-management devices and replacing end-of-life equipment.

“Block known or malicious domains to prevent DNS-based attacks, and maintain detailed DNS logs to monitor, investigate, and gain insight into anomalous DNS traffic,” Microsoft said.

The UK.’s National Cyber Security Centre also published an advisory about the hacking campaign with recommendations. “If you cannot move off out-of-date platforms and applications straight away,” the agency said, “there are short term steps you can take to improve your position.”

Router owners should take the threat of DNS hijacking extremely seriously, said Nick Biasini, the head of outreach for Cisco’s Talos threat intelligence team.

“This access can allow them to inject or manipulate traffic in a variety of ways,” Biasini told Cybersecurity Dive. “There are obviously limitations with encrypted traffic and certificate pinning, but the attack surface increases significantly if the actor can hijack the user’s DNS traffic.”

Ramping up cyber deterrence efforts

Operation Masquerade is the latest in a yearslong series of FBI operations to kick foreign government hackers off of U.S. routers. The FBI has described those operations as part of its increasingly aggressive strategy of combating malicious cyber activity.

“Given the scale of this threat, sounding the alarm wasn’t enough,” Brett Leatherman, the head of the FBI’s Cyber Division, said in a statement about the government’s operation. “The FBI will continue to use its authorities to identify and impose costs on state-sponsored actors who target the American people.”

DOJ’s disruption of the Russian router network “will have a significant impact” on the Kremlin’s ability to sustain its hacking campaign, according to Danny Adamitis, a security engineer at Black Lotus Labs, which helped the government with the operation.

At the same time, he said, “the DNS ecosystem is an opportunity space that always has the potential for abuse,” and given Russia’s historic interest in router hijacking attacks, “I expect that they will reconstitute another botnet in the future.”

Editor’s note: This story has been updated with comments from experts.