Mastodon Feed: Post

Boosted by jsonstein@masto.deoan.org ("Jeff Sonstein"):
briankrebs@infosec.exchange ("BrianKrebs") wrote:

New, from me: Hackers linked to Russia’s military intelligence units are using known flaws in older Internet routers to mass harvest authentication tokens from Microsoft Office users, security experts warned today. The spying campaign allowed state-backed Russian hackers to quietly siphon authentication tokens from users on more than 18,000 networks without deploying any malicious software or code.

https://krebsonsecurity.com/2026/04/russia-hacked-routers-to-steal-microsoft-office-tokens/

A graphic showing how targeted DNS requests were redirected at the router. Image: Black Lotus Labs. Basically, it's a simple graphic showing end users having their DNS settings modified, then redirecting requests to a short list of targeted domains (outlook, e.g.) to siphon traffic.