UK TimesUK Times
  • Home
  • News
  • TV & Showbiz
  • Money
  • Health
  • Science
  • Sports
  • Travel
  • More
    • Web Stories
    • Trending
    • Press Release
What's Hot
Footy star turned TV commentator divides fans by saying women are BETTER candidates for AFL coaching jobs than many men

Footy star turned TV commentator divides fans by saying women are BETTER candidates for AFL coaching jobs than many men

2 July 2026
Head of the Chicago Police Department to retire after 3 years in the position – UK Times

Head of the Chicago Police Department to retire after 3 years in the position – UK Times

2 July 2026
Fury erupts as USA star is controversially sent off and MISSES next World Cup game as Brittany Mahomes slams ‘bulls***’ call

Fury erupts as USA star is controversially sent off and MISSES next World Cup game as Brittany Mahomes slams ‘bulls***’ call

2 July 2026
Facebook X (Twitter) Instagram
Facebook X (Twitter) Instagram
UK TimesUK Times
Subscribe
  • Home
  • News
  • TV & Showbiz
  • Money
  • Health
  • Science
  • Sports
  • Travel
  • More
    • Web Stories
    • Trending
    • Press Release
UK TimesUK Times
Home » APT28 exploit routers to enable DNS hijacking operations | National Cyber Security Centre
News

APT28 exploit routers to enable DNS hijacking operations | National Cyber Security Centre

By uk-times.com12 April 2026No Comments2 Mins Read
Facebook Twitter LinkedIn Telegram Pinterest Tumblr Reddit WhatsApp Email
Share
Facebook Twitter LinkedIn Pinterest Email

The AitM activity could be conducted against both user browser sessions and desktop applications. Harvested authentication material could include both passwords and OAuth or similar authentication tokens. Subsequent malicious logins using this stolen data may originate from further infrastructure not listed in this advisory.

It is believed that the DNS hijacking operations are opportunistic in nature, with the actor gaining visibility of a large pool of candidate target users then filtering down users at each stage in the exploitation chain to triage for victims of likely intelligence value.

TP-Link router exploitation

One of the router models that APT28 exploited for their DNS poisoning operations was the TP-Link WR841N, likely using CVE-2023-50224 [T1584.008, T1588.006]. This vulnerability enables an unauthenticated attacker to obtain information such as password credentials via specially crafted HTTP GET requests.

Having obtained the credentials for a router, the actor was then able to send a second specially crafted HTTP GET request to alter the DHCP DNS settings of that router.

The GET request would typically set the router’s primary DNS server to a malicious IP address, whilst also setting the secondary DNS server to the original primary DNS server’s IP address. On occasion both the primary and secondary DNS server had been set to malicious IP addresses, indicating that a router had likely been exploited multiple times.

Other TP-Link router models were also targeted by APT28 to enable their DNS hijacking operations.  A list can be found in the Indicators of Compromise section.
 

Share. Facebook Twitter Pinterest LinkedIn Tumblr Telegram Email

Related News

Head of the Chicago Police Department to retire after 3 years in the position – UK Times

Head of the Chicago Police Department to retire after 3 years in the position – UK Times

2 July 2026
Chris Johnson seeking revival of Ice Bucket Challenge as he continues his fight against ALS – UK Times

Chris Johnson seeking revival of Ice Bucket Challenge as he continues his fight against ALS – UK Times

2 July 2026
Palantir CEO Alex Karp crashes out during bizarre TV news appearance: ‘I feel like I’m gonna get kicked out of the room!’ – UK Times

Palantir CEO Alex Karp crashes out during bizarre TV news appearance: ‘I feel like I’m gonna get kicked out of the room!’ – UK Times

2 July 2026
United States pass Bosnia World Cup test – but at what cost? Balogun red leaves sour taste in the mouth – UK Times

United States pass Bosnia World Cup test – but at what cost? Balogun red leaves sour taste in the mouth – UK Times

2 July 2026
Beckham hails Harry Kane as ‘true leader’ after England win against DR Congo – UK Times

Beckham hails Harry Kane as ‘true leader’ after England win against DR Congo – UK Times

2 July 2026
Rochdale grooming victims heard of abuser’s release on social media, MP says | Manchester News

Rochdale grooming victims heard of abuser’s release on social media, MP says | Manchester News

2 July 2026
Top News
Footy star turned TV commentator divides fans by saying women are BETTER candidates for AFL coaching jobs than many men

Footy star turned TV commentator divides fans by saying women are BETTER candidates for AFL coaching jobs than many men

2 July 2026
Head of the Chicago Police Department to retire after 3 years in the position – UK Times

Head of the Chicago Police Department to retire after 3 years in the position – UK Times

2 July 2026
Fury erupts as USA star is controversially sent off and MISSES next World Cup game as Brittany Mahomes slams ‘bulls***’ call

Fury erupts as USA star is controversially sent off and MISSES next World Cup game as Brittany Mahomes slams ‘bulls***’ call

2 July 2026

Subscribe to Updates

Get the latest UK news and updates directly to your inbox.

Recent Posts

  • Footy star turned TV commentator divides fans by saying women are BETTER candidates for AFL coaching jobs than many men
  • Head of the Chicago Police Department to retire after 3 years in the position – UK Times
  • Fury erupts as USA star is controversially sent off and MISSES next World Cup game as Brittany Mahomes slams ‘bulls***’ call
  • Chris Johnson seeking revival of Ice Bucket Challenge as he continues his fight against ALS – UK Times
  • Palantir CEO Alex Karp crashes out during bizarre TV news appearance: ‘I feel like I’m gonna get kicked out of the room!’ – UK Times

Recent Comments

No comments to show.
© 2026 UK Times. All Rights Reserved.
  • Privacy Policy
  • Terms of use
  • Advertise
  • Contact Us

Type above and press Enter to search. Press Esc to cancel.

Go to mobile version