"Hackers manipulated DNS settings to redirect your work logins through their servers. Attackers altered your router's DNS and DHCP settings, hijacking the internet's address book for every device on your network."
"When you log into Microsoft 365, your credentials travel through their servers first. They present fake security certificates that most systems accept, exposing your email, files, and authentication tokens in plain text."
"Over 5,000 consumer devices and 200 organizations fell victim to the FrostArmada campaign. Peak infection hit 18,000 networks in December 2025, targeting everyone from government agencies to small businesses."
Russian military intelligence, through the hacker group Forest Blizzard, infiltrated consumer routers to intercept Microsoft 365 logins. They exploited vulnerabilities in popular routers from vendors such as TP-Link and MikroTik. By manipulating DNS and DHCP settings, the attackers redirected logins through their own servers and presented fake security certificates. This allowed them to expose user credentials without installing any malware. Over 5,000 devices and 200 organizations were affected, and infections peaked at 18,000 networks, targeting both government agencies and small businesses that had unpatched firmware and weak credentials.
Read at Yahoo Tech