US Justice Department disrupts Russian military-run DNS hijacking network
Change
US Justice Department carried out a court-authorised operation that seized control of routers used by Russia's Main Intelligence Directorate (GRU) Military Unit 26165 to hijack Domain Name System (DNS) traffic against military, government and critical infrastructure targets worldwide.
Why it matters
The disruption removes the GRU unit's immediate access to its compromised-router infrastructure, making continued DNS hijacking from those devices materially harder. Network defenders must now treat DNS and routing configurations as active attack surfaces and prioritise rapid verification and remediation.
Implications
- • Network operations teams at military, government, and critical infrastructure organisations must audit edge routers for unauthorized DNS and routing configurations and remove any malicious entries — failure to do so will leave critical services exposed to redirection or interception.
- • Cybersecurity incident response teams at military, government, and critical infrastructure organisations must search DNS logs and routing tables for indicators of compromise and isolate affected devices for forensic analysis — failure to act will delay detection of persistent or pivoted intrusion.
Unlock the decision layer.
Go beyond headlines — see impact, exposure, and timing.
- Implications: What actually changes downstream.
- Who is affected: Which teams or operators are exposed.
- What to watch: Deadlines, triggers, and next moves.
- Real-time alerts: Know the moment a change is published.
- Ask AI: Clarify any brief instantly, in context.
14-day free trial. Full access. No credit card required.
Start free trial
Source
Topics