dns-hijacking

Your Phone, Your Browser, Your Router. All Still Working. All Compromised.

John Z Black Apr 14, 2026

Threat Intelligence #mirax #android-rat #chrome-extensions #apt28 #frost-armada #operation-masquerade #dns-hijacking #malware

220,000 Android phones recruited into a criminal proxy network via Facebook ads. 108 Chrome extensions in the official Web Store harvesting Google and Telegram credentials. Russia's GRU running DNS hijacks through 18,000 home routers until law enforcement shut it down. Three campaigns, one pattern: your device keeps working while someone else uses it.

Russia's GRU Hijacked 18,000 Routers to Steal Microsoft 365 Tokens Without a Single Piece of Malware

John Z Black Apr 8, 2026

Threat Intelligence #apt28 #russia #dns-hijacking #microsoft-365 #oauth #mfa-bypass #soho-routers

APT28 changed the DNS settings on 18,000 home routers and stole Microsoft 365 tokens after users completed MFA. No malware needed. Your second factor was irrelevant.