# Russian state-sponsored threat actors are targeting poorly protected Small Office/Home Office (SOHO) devices.

*semiconductor · news · 2026-04-08 · TechRadar*

## Key points

- Forest Blizzard (APT28) is using DNS hijacking at scale via compromised SOHO devices.
- Over 200 organizations and 5,000 consumer devices have been impacted, with the campaign targeting multiple critical sectors.
- Attackers reroute DNS traffic to infrastructure they control, enabling surveillance and adversary-in-the-middle (AiTM) attacks.
- This is the first time Microsoft has observed Forest Blizzard using DNS hijacking to support AiTM of TLS connections.

**Companies:** Microsoft
**Countries:** Russia

[Read the full story on TechRadar](https://www.techradar.com/pro/security/this-puts-organizations-at-risk-of-credential-theft-data-manipulation-and-broader-compromise-uk-government-microsoft-warn-russian-hackers-are-hitting-tp-link-home-routers-to-hijack-internet-traffic)

---

Summarized by Newsio from TechRadar.
