APT28 DNS Hijack: How Russian Hackers Target Home Routers
Emily Davis

The Russian hacking group APT28 is hijacking home and small business routers worldwide in a DNS manipulation campaign. Learn how they exploit MikroTik and TP-Link devices and what you can do to protect your network from this ongoing cyber espionage threat.
You know that little router sitting in your home office? The one blinking away, connecting your laptop to the world? Well, it turns out that exact device has become a prime target for some of the world's most sophisticated hackers. And right now, they're winning.
Russian state-linked hackers known as APT28 (or Forest Blizzard, if you prefer their codename) have been running a global campaign since at least May 2025. They're compromising small office and home office routers—specifically insecure MikroTik and TP-Link models—and turning them into weapons. It's not just about stealing your Wi-Fi password anymore. This is full-scale cyber espionage, and your hardware is the battlefield.
### How APT28 Turns Your Router Against You
So how does this actually work? Let's break it down without the technical jargon. Think of your router as the traffic cop for your internet connection. Every time you visit a website, your device asks the router for directions. The router uses something called DNS—the internet's phonebook—to translate website names into numerical addresses.
APT28 compromises these routers and changes the DNS settings. Suddenly, when you try to visit your bank's website, your router sends you to a perfect fake instead. You type in the right address, but you end up in the wrong place—a place controlled by hackers who can steal your login credentials, financial data, and sensitive information.
It's like someone secretly changing all the street signs in your neighborhood. You think you're driving to the grocery store, but you end up in a back alley where thieves are waiting.

### Why Your Router Makes Such an Easy Target
Home and small business routers are particularly vulnerable for a few simple reasons:
- **Default passwords** – Most people never change them from "admin" or "password"
- **Outdated firmware** – Manufacturers release security updates, but few users install them
- **Remote management enabled** – A feature meant for convenience becomes a backdoor for attackers
- **Lack of monitoring** – Unlike corporate networks, home networks rarely have security teams watching

These devices are the forgotten security perimeter. We lock our doors, install alarm systems, and use complex passwords on our computers. But that little plastic box with the blinking lights? We plug it in and forget it exists for years.
### The Real-World Impact of Compromised Routers
When APT28 takes control of a router, the consequences extend far beyond that single home or office. These compromised devices become part of a malicious infrastructure—what security professionals call a "botnet." The hackers can then use this network to:
- Launch attacks against government agencies and corporations
- Steal sensitive data from multiple victims simultaneously
- Hide their true location and identity while conducting espionage
- Distribute malware to other connected devices

One compromised router in a coffee shop could potentially give attackers access to every laptop that connects there. A small business router could provide a foothold into corporate networks through remote workers.
### What You Can Do to Protect Yourself
Don't panic, but do take action. Protecting your router isn't as complicated as you might think. Here are the basics everyone should implement:
First, change those default credentials. Right now. Use a strong, unique password that you don't use anywhere else.
Check for firmware updates regularly. Manufacturers patch security holes, but you have to actually install the updates. Set a calendar reminder to check every three months.
Disable remote management unless you absolutely need it. Most home users don't.
Consider this quote from a cybersecurity analyst I spoke with recently: "The most sophisticated attacks often exploit the simplest vulnerabilities. Your router's security shouldn't be an afterthought—it's your first line of defense."
Finally, monitor your network for unusual activity. If websites suddenly look different or load slowly, or if you get security warnings you've never seen before, investigate.
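
For readers who want something more concrete than watching for odd-looking pages, here is an added example (not part of the original article) of two checks against changed DNS settings: auditing which resolvers a machine was handed, and comparing its answers with a lookup made through a resolver you trust. The `resolv.conf` text is a constructed sample, and the `EXPECTED` allowlist and function names are assumptions for illustration; the addresses come from documentation ranges.

```python
import ipaddress

# Constructed sample of /etc/resolv.conf as written by a DHCP client.
SAMPLE_RESOLV_CONF = """\
search lan
nameserver 192.168.1.1
nameserver 203.0.113.53
nameserver fe80::1%eth0
nameserver not-an-ip
"""

# Assumption: the resolvers the owner actually configured (router LAN
# address, link-local range, placeholder ISP resolver range).
EXPECTED = ["192.168.1.1/32", "fe80::/10", "198.51.100.0/24"]


def parse_nameservers(text):
    """Yield (raw, address or None) for every nameserver line."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            raw = fields[1]
            try:
                # Drop an IPv6 zone id such as %eth0 before parsing.
                yield raw, ipaddress.ip_address(raw.split("%", 1)[0])
            except ValueError:
                yield raw, None


def audit_resolvers(text, expected=EXPECTED):
    """Return (resolver, reason) for entries outside the expected networks."""
    nets = [ipaddress.ip_network(n) for n in expected]
    findings = []
    for raw, addr in parse_nameservers(text):
        if addr is None:
            findings.append((raw, "unparseable"))
        elif not any(addr.version == n.version and addr in n for n in nets):
            findings.append((raw, "unexpected resolver"))
    return findings


def divergent_answers(local, reference):
    """Names whose local answers share no address with a reference lookup.

    A lead to investigate, not proof: CDNs legitimately answer
    differently per resolver.
    """
    return sorted(n for n, ips in local.items()
                  if ips and n in reference and not ips & reference[n])
```

The resolver audit only catches rogue resolvers pushed to clients over DHCP. When the router keeps answering on its own address and forwards to a changed upstream, the client configuration looks normal, which is why the answer comparison is the second check.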
### The Bigger Picture
This APT28 campaign highlights a troubling trend in cybersecurity. Nation-state actors aren't just targeting government servers and corporate databases anymore. They're going after the soft targets—the everyday devices in our homes and small businesses that lack enterprise-grade security.
The internet was built on trust, and that trust is being systematically exploited. As one security researcher put it, we've created a world where our most critical infrastructure connects through our least secure devices.
Protecting yourself starts with recognizing that your router matters. It's not just a piece of plastic that gives you Netflix. It's the gateway between your digital life and the rest of the world. And right now, some very sophisticated people are trying to pick the lock.
Stay safe out there. Update your router today, and maybe sleep a little better tonight knowing you've taken one important step toward securing your corner of the internet.