A new campaign by the Russia-linked threat actor APT28, also known as Forest Blizzard, has been found compromising insecure MikroTik and TP-Link routers since at least May 2025.

These compromised routers are being used as malicious infrastructure under the control of APT28 as part of a large-scale cyber espionage campaign.

The threat actor has been exploiting vulnerabilities in these SOHO routers to modify their settings and take control of the devices, allowing the actor to intercept and manipulate sensitive information.

The exploitation campaign, which has been codenamed, highlights the risks associated with using insecure routers and the importance of regularly updating and securing them to prevent such attacks.

APT28’s ability to compromise and control these routers demonstrates their sophisticated capabilities and poses a significant threat to global cybersecurity.

As the campaign continues to evolve, it is essential for organizations and individuals to take proactive measures to secure their routers and protect themselves against such threats.
