Russian Hackers Hit SOHO Routers in Cyberespionage Campaign

Russian hackers tied to the GRU Military Unit 26165 have been hacking SOHO routers to spy on encrypted traffic. The campaign, which has affected over 200 organizations and 5,000 consumer devices, involves changing DNS settings to intercept TLS traffic.

Hackers linked to Russian military intelligence have been targeting home and small office routers for cyberespionage. The attackers gain access to the routers and change their DNS settings to point to an attacker-controlled resolver. This allows them to collect DNS traffic and observe DNS requests. In some cases, the hackers launch an on-path attack to read encrypted TLS communications as plaintext. The campaign has affected over 200 organizations and 5,000 consumer devices across various sectors. The attackers' goals include collecting sensitive information and potentially distributing malware or creating a denial-of-service condition.
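Because the tampering described above happens in the router's DNS settings, a defender can catch it by comparing the resolvers each device is configured with against the set the organisation approves. The following is an added example, not part of the original article; the inventory format, device names, addresses and the `audit_resolvers` function are constructed assumptions.

```python
import ipaddress

# Assumption: resolvers this organisation approves (documentation-range sample values).
APPROVED_RESOLVERS = [
    ipaddress.ip_network(n)
    for n in ("192.0.2.53/32", "2001:db8::53/128", "10.0.0.0/24")
]

# Constructed inventory: one line per device, "name resolver1 resolver2 ...",
# as might be exported from router configuration backups.
SAMPLE_INVENTORY = """\
# device resolvers
branch-01 192.0.2.53 10.0.0.2
home-user-17 203.0.113.66 192.0.2.53
branch-02 2001:db8::53
kiosk-03 not-an-ip
lab-04
"""


def audit_resolvers(inventory, approved=APPROVED_RESOLVERS):
    """Return {device: [issues]} for devices whose DNS settings need review."""
    findings = {}
    for line in inventory.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue  # skip blank lines and comments
        device, resolvers = fields[0], fields[1:]
        issues = []
        if not resolvers:
            issues.append("no resolver recorded")
        for value in resolvers:
            try:
                addr = ipaddress.ip_address(value)
            except ValueError:
                issues.append(f"unparseable resolver {value!r}")
                continue
            # A single unapproved entry is enough to flag: one rogue resolver
            # among legitimate ones still sees part of the device's lookups.
            if not any(addr in net for net in approved):
                issues.append(f"unapproved resolver {addr}")
        if issues:
            findings[device] = issues
    return findings


if __name__ == "__main__":
    for device, issues in audit_resolvers(SAMPLE_INVENTORY).items():
        print(device, "->", "; ".join(issues))
```

Run on a schedule against fresh configuration exports, a check like this turns a silent resolver change into a reviewable finding.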

This content was automatically generated and/or translated by AI. It may contain inaccuracies. Please refer to the original sources for verification.
