Operation Masquerade: FBI Disrupts APT28 Campaign Across 18,000 Hijacked Routers
The threat group tracked as APT28 (Forest Blizzard/Fancy Bear) compromised 18,000 SOHO routers across 120+ countries by exploiting known vulnerabilities and default SNMP credentials. They modified DNS settings to redirect traffic through attacker-controlled servers, enabling adversary-in-the-middle attacks that harvested Microsoft OAuth tokens, passwords, and emails from 200+ organizations. The FBI’s Operation Masquerade sent court-authorized commands to reset compromised routers on U.S. soil.