
Nation-State Threats

Operation Masquerade: FBI Disrupts APT28 Campaign Across 18,000 Hijacked Routers

The threat group tracked as APT28 (Forest Blizzard/Fancy Bear) compromised 18,000 SOHO routers across 120+ countries by exploiting known vulnerabilities and default SNMP credentials. They modified DNS settings to redirect traffic through attacker-controlled servers, enabling adversary-in-the-middle attacks that harvested Microsoft OAuth tokens, passwords, and emails from 200+ organizations. The FBI’s Operation Masquerade sent court-authorized commands to reset compromised routers on U.S. soil.

The FCC Just Banned Foreign-Made Routers. It Should Have Happened Years Ago.

On March 23, 2026, the FCC updated its Covered List to include every consumer-grade router produced outside the United States. New models can’t get FCC equipment authorization, which means they can’t be imported or sold here. Existing models already on shelves aren’t affected, and manufacturers can apply for a “Conditional Approval” exemption through the Department of War (formerly Department of Defense) or the Department of Homeland Security. The ruling names the Volt, Flax, and Salt Typhoon campaigns as direct justification. And that’s where this gets interesting for anyone working in network security.