UK TimesUK Times
  • Home
  • News
  • TV & Showbiz
  • Money
  • Health
  • Science
  • Sports
  • Travel
  • More
    • Web Stories
    • Trending
    • Press Release
What's Hot
Wayne Rooney names the one surprise player Thomas Tuchel may regret not calling up to his World Cup squad amid England’s right back crisis

Wayne Rooney names the one surprise player Thomas Tuchel may regret not calling up to his World Cup squad amid England’s right back crisis

2 July 2026
Tropical storm Douglas forms in Pacific Ocean, no threat to land, hurricane center says – UK Times

Tropical storm Douglas forms in Pacific Ocean, no threat to land, hurricane center says – UK Times

2 July 2026
Ryan Lochte’s ex-wife Kayla Rae Reid celebrates being ‘finally free’ as divorce is made official

Ryan Lochte’s ex-wife Kayla Rae Reid celebrates being ‘finally free’ as divorce is made official

2 July 2026
Facebook X (Twitter) Instagram
Facebook X (Twitter) Instagram
UK TimesUK Times
Subscribe
  • Home
  • News
  • TV & Showbiz
  • Money
  • Health
  • Science
  • Sports
  • Travel
  • More
    • Web Stories
    • Trending
    • Press Release
UK TimesUK Times
Home » APT28 exploit routers to enable DNS hijacking operations | National Cyber Security Centre
News

APT28 exploit routers to enable DNS hijacking operations | National Cyber Security Centre

By uk-times.com12 April 2026No Comments2 Mins Read
Facebook Twitter LinkedIn Telegram Pinterest Tumblr Reddit WhatsApp Email
Share
Facebook Twitter LinkedIn Pinterest Email

The AitM activity could be conducted against both user browser sessions and desktop applications. Harvested authentication material could include both passwords and OAuth or similar authentication tokens. Subsequent malicious logins using this stolen data may originate from further infrastructure not listed in this advisory.

It is believed that the DNS hijacking operations are opportunistic in nature, with the actor gaining visibility of a large pool of candidate target users then filtering down users at each stage in the exploitation chain to triage for victims of likely intelligence value.

TP-Link router exploitation

One of the router models that APT28 exploited for their DNS poisoning operations was the TP-Link WR841N, likely using CVE-2023-50224 [T1584.008, T1588.006]. This vulnerability enables an unauthenticated attacker to obtain information such as password credentials via specially crafted HTTP GET requests.

Having obtained the credentials for a router, the actor was then able to send a second specially crafted HTTP GET request to alter the DHCP DNS settings of that router.

The GET request would typically set the router’s primary DNS server to a malicious IP address, whilst also setting the secondary DNS server to the original primary DNS server’s IP address. On occasion both the primary and secondary DNS server had been set to malicious IP addresses, indicating that a router had likely been exploited multiple times.

Other TP-Link router models were also targeted by APT28 to enable their DNS hijacking operations.  A list can be found in the Indicators of Compromise section.
 

Share. Facebook Twitter Pinterest LinkedIn Tumblr Telegram Email

Related News

Tropical storm Douglas forms in Pacific Ocean, no threat to land, hurricane center says – UK Times

Tropical storm Douglas forms in Pacific Ocean, no threat to land, hurricane center says – UK Times

2 July 2026
Federal audit finds Puerto Rico awaiting billions of dollars nearly a decade after deadly hurricane – UK Times

Federal audit finds Puerto Rico awaiting billions of dollars nearly a decade after deadly hurricane – UK Times

2 July 2026
UPS never required detailed inspection of part that failed before engine flew off plane that crashed – UK Times

UPS never required detailed inspection of part that failed before engine flew off plane that crashed – UK Times

2 July 2026
Federal judge says Supreme Court decisions show ‘emerging pragmatic conservatism’ – UK Times

Federal judge says Supreme Court decisions show ‘emerging pragmatic conservatism’ – UK Times

2 July 2026
Men’s T20 Blast: Northants Steelbacks secure eighth successive win | Manchester News

Men’s T20 Blast: Northants Steelbacks secure eighth successive win | Manchester News

2 July 2026

Mpox: More than 20 cases last month in Northern Ireland | UK News

2 July 2026
Top News
Wayne Rooney names the one surprise player Thomas Tuchel may regret not calling up to his World Cup squad amid England’s right back crisis

Wayne Rooney names the one surprise player Thomas Tuchel may regret not calling up to his World Cup squad amid England’s right back crisis

2 July 2026
Tropical storm Douglas forms in Pacific Ocean, no threat to land, hurricane center says – UK Times

Tropical storm Douglas forms in Pacific Ocean, no threat to land, hurricane center says – UK Times

2 July 2026
Ryan Lochte’s ex-wife Kayla Rae Reid celebrates being ‘finally free’ as divorce is made official

Ryan Lochte’s ex-wife Kayla Rae Reid celebrates being ‘finally free’ as divorce is made official

2 July 2026

Subscribe to Updates

Get the latest UK news and updates directly to your inbox.

Recent Posts

  • Wayne Rooney names the one surprise player Thomas Tuchel may regret not calling up to his World Cup squad amid England’s right back crisis
  • Tropical storm Douglas forms in Pacific Ocean, no threat to land, hurricane center says – UK Times
  • Ryan Lochte’s ex-wife Kayla Rae Reid celebrates being ‘finally free’ as divorce is made official
  • Federal audit finds Puerto Rico awaiting billions of dollars nearly a decade after deadly hurricane – UK Times
  • Tragedy as rising college football coach unexpectedly dies at 34 after turning around struggling team

Recent Comments

No comments to show.
© 2026 UK Times. All Rights Reserved.
  • Privacy Policy
  • Terms of use
  • Advertise
  • Contact Us

Type above and press Enter to search. Press Esc to cancel.

Go to mobile version