Russian Hackers Use Forest Blizzards as Cover for Global Router Hacking
Global Surveillance Operation Exposed
A hacking group linked to Russian military intelligence, known as Forest Blizzard, has been exploiting home and small-office routers for global surveillance.
The Malicious Activity
- The group has been leveraging thousands of compromised devices since at least August 2025.
- The operation involves DNS hijacking, redirecting users’ internet traffic to servers controlled by the hackers.
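One way to look for the DNS hijacking described above from the defender's side, as an added example that is not part of the original article: compare the addresses endpoints were given for monitored hostnames against the networks the defender expects. The hostnames, endpoints, addresses and the `EXPECTED` and `OBSERVATIONS` structures are constructed assumptions, and the article does not describe how the redirected answers reach endpoints.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data using documentation address ranges, not real indicators.
# Networks the defender expects each monitored hostname to resolve into (assumption).
EXPECTED = {
    "mail.example.com": ["198.51.100.0/24", "2001:db8:10::/48"],
    "sso.example.com": ["203.0.113.0/25"],
}
# (endpoint, hostname, resolver the endpoint used, addresses it was given)
OBSERVATIONS = [
    ("laptop-01", "mail.example.com", "192.168.1.1", ["198.51.100.20"]),
    ("laptop-02", "mail.example.com", "192.168.1.1", ["192.0.2.77"]),
    ("laptop-02", "SSO.example.com.", "192.168.1.1", ["203.0.113.200"]),
    ("laptop-03", "mail.example.com", "192.168.0.1", ["2001:db8:10::25", "not-an-ip"]),
    ("laptop-03", "files.example.com", "192.168.0.1", ["192.0.2.9"]),
]

def audit(observations, expected):
    """Return (endpoint, hostname, resolver, answer, reason) for suspicious answers."""
    nets = {h: [ipaddress.ip_network(n) for n in v] for h, v in expected.items()}
    findings = []
    for endpoint, hostname, resolver, answers in observations:
        name = hostname.lower().rstrip(".")  # normalise case and trailing dot
        if name not in nets:
            continue  # no baseline for this name, so nothing to compare against
        for raw in answers:
            try:
                addr = ipaddress.ip_address(raw)
            except ValueError:
                findings.append((endpoint, name, resolver, raw, "unparseable"))
                continue
            # Compare only against networks of the same IP version.
            if not any(addr.version == n.version and addr in n for n in nets[name]):
                findings.append((endpoint, name, resolver, raw, "unexpected"))
    return findings

def suspect_resolvers(findings):
    """Group unexpected answers by (endpoint, resolver): the routers to inspect first."""
    grouped = defaultdict(set)
    for endpoint, name, resolver, _answer, reason in findings:
        if reason == "unexpected":
            grouped[(endpoint, resolver)].add(name)
    return {key: sorted(names) for key, names in grouped.items()}

if __name__ == "__main__":
    for finding in audit(OBSERVATIONS, EXPECTED):
        print(finding)
    print(suspect_resolvers(audit(OBSERVATIONS, EXPECTED)))
```

Services behind content-delivery networks change addresses, so the expected networks need upkeep; a finding is a prompt to inspect the router's DNS settings, not proof of compromise.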
Targeted Sectors
The energy, IT, and telecommunications sectors have been primarily targeted by the group, with over 5,000 consumer devices and 200 organizations affected so far.
Data Interception
Notably, the group has successfully intercepted data from three government organizations in Africa, highlighting the severity of the situation.
Adversary-in-the-Middle Attacks
The group has also conducted adversary-in-the-middle (AiTM) attacks, positioning itself between a user and the service the user is trying to reach. These attacks specifically targeted Microsoft Outlook web users to intercept emails and sensitive content.
Mitigation Strategies
To mitigate these risks, experts recommend:
- Implementing multi-factor authentication (MFA)
- Using passwordless logins
- Regularly updating software and firmware to ensure the latest security patches
- Maintaining a robust incident response plan
