security: SOHO router compromise leads to DNS hijacking and adversary-in-the-middle attacks
Microsoft Security Blog
2026-04-07
Microsoft says the threat actor Forest Blizzard has been compromising insecure SOHO routers and modifying their settings to support malicious infrastructure. The activity is used for DNS hijacking and adversary-in-the-middle attacks.