PULSE NAME
APT28 exploit routers to enable DNS hijacking operations
WHITE APT28 AlienVault 2026-04-07 Modified: 2026-04-08
59 IOCs
HIGH VOLUME
Russian cyber actors (APT28) have been exploiting routers to overwrite Dynamic Host Configuration Protocol (DHCP)/Domain Name System (DNS) settings and redirect traffic through attacker-controlled DNS servers. The resulting malicious DNS resolutions enable adversary-in-the-middle (AitM) attacks that harvest passwords, OAuth tokens and other credentials for web- and email-related services. This puts organisations at risk of credential theft, data manipulation and broader compromise.
Indicators of Compromise (59)
TYPE INDICATOR DESCRIPTION CREATED
CVE CVE-2023-50224 2026-04-07