An international law enforcement effort involving the FBI, DOJ, and private partners like Microsoft and Black Lotus Labs has successfully disrupted "FrostArmada." This campaign, orchestrated by the Russian-linked threat actor APT28 (Fancy Bear), targeted over 18,000 SOHO routers globally—specifically MikroTik and TP-Link devices—to facilitate large-scale credential theft.
The attackers hijacked the routers' DNS settings so that authentication traffic resolved to attacker-controlled proxy servers; positioned as an Adversary-in-the-Middle (AitM) between victims and Microsoft 365, those proxies captured login credentials and OAuth tokens. Law enforcement responded with court-authorized technical operations that reset the DNS configuration on compromised devices and took down the threat infrastructure.
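A defender reading the description above will want a way to tell whether a SOHO router under their care has been turned into this kind of DNS redirector. The following script is an added example, not code from the article or from any organisation it names. It applies three heuristics to data a collector would gather (the resolvers the router is configured with, the router resolver's answers for the Microsoft 365 login hostnames, and answers for the same names from independent resolvers): an unexpected resolver, answers that share nothing with independent resolvers or point at non-routable space, and a "sinkhole" where several login hosts all collapse onto one address. The hostname list, the thresholds and all IP addresses (RFC 5737 documentation ranges) are assumptions constructed for the example; the article names none of them.

```python
"""Offline heuristics for router-level DNS hijacking of Microsoft 365 login
hostnames. Added example, not code from the article or anyone named in it.
Inputs would normally come from `dig` / a DoH client; here they are
constructed data in RFC 5737 documentation ranges, not real Microsoft or
attacker addresses."""
import ipaddress
from collections import Counter

# Hostnames a Microsoft 365 sign-in touches (assumption; the article lists none).
AUTH_HOSTS = (
    "login.microsoftonline.com",
    "login.microsoft.com",
    "login.live.com",
    "aadcdn.msftauth.net",
)

# IPv4 ranges that should never be the answer for a public login host. Listed
# explicitly rather than via ipaddress.is_private so that the RFC 5737
# documentation addresses in the sample data still count as routable.
_NON_ROUTABLE_V4 = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
)]


def is_routable(ip):
    """True if `ip` could plausibly be a public login endpoint."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 6:
        return addr.is_global
    return not any(addr in net for net in _NON_ROUTABLE_V4)


def detect_dns_hijack(router_dns_servers, expected_dns_servers,
                      router_answers, trusted_answers):
    """Return a list of findings (empty list means nothing suspicious).
    router_answers / trusted_answers map hostname -> addresses, as seen via the
    router's resolver and via independent resolvers respectively."""
    findings = []
    expected = set(expected_dns_servers)

    # 1. The configured resolver itself was changed: the redirection vector
    #    the article describes.
    for srv in router_dns_servers:
        if srv not in expected:
            findings.append(f"resolver {srv} is not in the expected set {sorted(expected)}")

    # 2. Per-host answer sanity. Geo-DNS means router and trusted answers can
    #    legitimately differ, so only a complete lack of overlap is flagged.
    trusted_all = set()
    for host in AUTH_HOSTS:
        r = set(router_answers.get(host, ()))
        t = set(trusted_answers.get(host, ()))
        trusted_all |= t
        if not r:
            findings.append(f"{host}: router resolver returned no address")
            continue
        for ip in sorted(r):
            if not is_routable(ip):
                findings.append(f"{host}: router resolver returned non-routable address {ip}")
        if t and r.isdisjoint(t):
            findings.append(f"{host}: router answers {sorted(r)} share nothing "
                            f"with trusted answers {sorted(t)}")

    # 3. Sinkhole pattern: several distinct login hosts all resolve to one
    #    address no independent resolver returned. A single AitM proxy fronting
    #    every login host looks like this in DNS.
    hits = Counter(ip for h in AUTH_HOSTS for ip in set(router_answers.get(h, ())))
    for ip, n in sorted(hits.items()):
        if n >= 3 and ip not in trusted_all:
            findings.append(f"sinkhole: {n} login hosts resolve to {ip}, "
                            f"which no trusted resolver returned")
    return findings


# --- Constructed sample data (documentation addresses), not real DNS answers ---
EXPECTED_RESOLVERS = {"203.0.113.53", "203.0.113.54"}   # resolvers the operator intends
TRUSTED_ANSWERS = {                                       # seen via independent resolvers
    "login.microsoftonline.com": {"198.51.100.10", "198.51.100.11"},
    "login.microsoft.com": {"198.51.100.12"},
    "login.live.com": {"198.51.100.13"},
    "aadcdn.msftauth.net": {"198.51.100.14"},
}
# Healthy router: expected resolver; one answer differs but still overlaps.
CLEAN_ROUTER = {
    "servers": ["203.0.113.53"],
    "answers": {**TRUSTED_ANSWERS,
                "login.microsoftonline.com": {"198.51.100.11", "198.51.100.20"}},
}
# Hijacked router: rogue upstream resolver, every login host funnelled to one proxy.
HIJACKED_ROUTER = {
    "servers": ["192.0.2.66"],
    "answers": {host: {"192.0.2.80"} for host in AUTH_HOSTS},
}

if __name__ == "__main__":
    for label, router in (("clean", CLEAN_ROUTER), ("hijacked", HIJACKED_ROUTER)):
        found = detect_dns_hijack(router["servers"], EXPECTED_RESOLVERS,
                                  router["answers"], TRUSTED_ANSWERS)
        print(f"{label}: {len(found)} finding(s)")
        for f in found:
            print("  -", f)
```

Treat the output as triage, not verdict: the overlap check alone will misfire on heavily geo-balanced names, which is why the sinkhole and non-routable heuristics are weighted separately. Before declaring an incident, confirm with a TLS connection to the router-resolved address and check that the certificate chains to a public CA for the expected hostname; a proxy that cannot present such a certificate is the AitM tell.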