DNS Attacks Archives

Russian APT28 Exploits SOHO Routers in Global DNS Hijacking and Cyber Espionage Campaign

April 8, 2026

A sophisticated cyber espionage campaign linked to Russia’s notorious threat group APT28, also tracked as Forest Blizzard, has been uncovered targeting vulnerable home and small office routers worldwide. The operation focuses on manipulating DNS configurations to intercept sensitive data without user awareness. The campaign, named FrostArmada by Black Lotus Labs, has been active since at least May […]

Russian APT28 Exploits SOHO Routers in Global DNS Hijacking and Cyber Espionage Campaign Read More »

Microsoft Reveals DNS-Based ClickFix Attack Leveraging Nslookup for Malware Staging

February 17, 2026

Microsoft has uncovered a new evolution of the ClickFix social engineering technique, where attackers manipulate users into executing a DNS lookup command to retrieve malicious payloads. The campaign demonstrates how threat actors continue refining ClickFix methods to bypass traditional security defenses. How the DNS-Based ClickFix Variant Works In this newly observed attack chain, victims are

Microsoft Reveals DNS-Based ClickFix Attack Leveraging Nslookup for Malware Staging Read More »

EdgeStepper Implant Redirects DNS Queries to Deliver Malware Through Compromised Software Updates

November 19, 2025

A China aligned threat actor known as PlushDaemon has been identified using a new Go based network backdoor called EdgeStepper. This tool enables adversary in the middle attacks by hijacking DNS queries and redirecting them to malicious infrastructure. Through this method, attackers can compromise legitimate software update channels and deliver harmful payloads. How the Attack

EdgeStepper Implant Redirects DNS Queries to Deliver Malware Through Compromised Software Updates Read More »