USA disrupts Russia's military-run DNS hijacking network
Network security teams must isolate compromised routers and reroute affected traffic
Change
On April 7, 2026, the USA executed a court-authorised disruption of a Domain Name System (DNS) hijacking network run by Russia's Main Intelligence Directorate (GRU) Military Unit 26165. The network abused compromised routers to redirect traffic, targeting military, government and critical-infrastructure organisations worldwide.
Why it matters
Operators should treat unexplained DNS or routing anomalies as potential state-linked hijacks and escalate them accordingly. Network owners must prioritise containment and forensic preservation: isolating a compromised router stops ongoing interception, and preserving its configuration and logs before reset retains the data needed for attribution.
Implications
- ISP network security teams must immediately scan edge and customer routers for indicators of DNS or route hijacking and isolate any compromised devices; failure risks continued traffic interception and operational disruption.
- Network operations teams at cloud and hosting providers must immediately validate Border Gateway Protocol (BGP) and DNS configurations and apply strict route filtering and DNS hardening; otherwise client traffic may be misrouted or intercepted.
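The scan the first implication calls for can be reduced to two checks per router: does the device hand out resolvers the operator does not recognise, and do those resolvers return answers that disagree with a known-good baseline? The script below is an added illustration written for this brief, not tooling from the disruption or from The Hindu's reporting. The allowlist, the baseline answers, the router identifiers and the observed answers are all constructed; in production the "answers" would be collected by querying each advertised resolver from behind the router, which this offline example does not do.

```python
"""Hypothetical DNS-hijack indicator audit over a router inventory.

Constructed example for illustration. Resolver addresses, names and answers
are made up and are not taken from the disruption described above.
"""
from ipaddress import ip_address, ip_network

# Resolvers the operator expects its edge/customer routers to advertise.
# Assumption: the operator maintains such an allowlist (constructed values).
RESOLVER_ALLOWLIST = [ip_network("192.0.2.0/24"), ip_network("2001:db8:53::/64")]

# Known-good answers obtained out of band (zone owner or a trusted recursive
# resolver). Use names with stable answers; CDN/GeoDNS names will diverge
# legitimately. Constructed values.
BASELINE = {
    "portal.example": {"198.51.100.10"},
    "mail.example": {"198.51.100.25"},
}

# Constructed inventory: for each router, the DNS servers it advertises to
# clients and the answers observed when querying those servers.
INVENTORY = {
    "cpe-0001": {
        "dns_servers": ["192.0.2.53"],
        "answers": {
            "192.0.2.53": {"portal.example": {"198.51.100.10"},
                           "mail.example": {"198.51.100.25"}},
        },
    },
    "cpe-0002": {
        # second advertised resolver is outside the allowlist
        "dns_servers": ["192.0.2.53", "203.0.113.7"],
        "answers": {
            "192.0.2.53": {"portal.example": {"198.51.100.10"},
                           "mail.example": {"198.51.100.25"}},
            "203.0.113.7": {"portal.example": {"203.0.113.99"},  # diverges
                            "mail.example": {"198.51.100.25"}},
        },
    },
}


def unexpected_resolvers(dns_servers, allowlist=RESOLVER_ALLOWLIST):
    """Return advertised resolver addresses that fall outside the allowlist."""
    out = []
    for server in dns_servers:
        addr = ip_address(server)
        if not any(addr in net for net in allowlist):
            out.append(server)
    return out


def divergent_answers(answers, baseline=BASELINE):
    """Return (resolver, name, observed) triples where a resolver's answer
    shares no address with the known-good set for that name."""
    out = []
    for resolver, by_name in answers.items():
        for name, observed in by_name.items():
            expected = baseline.get(name)
            if expected is None:
                continue  # no baseline for this name; nothing to compare
            if not (set(observed) & expected):
                out.append((resolver, name, sorted(observed)))
    return out


def audit(inventory=INVENTORY):
    """Return {router_id: findings} for routers showing hijack indicators."""
    findings = {}
    for router_id, data in inventory.items():
        bad_resolvers = unexpected_resolvers(data["dns_servers"])
        bad_answers = divergent_answers(data["answers"])
        if bad_resolvers or bad_answers:
            findings[router_id] = {
                "unexpected_resolvers": bad_resolvers,
                "divergent_answers": bad_answers,
            }
    return findings


if __name__ == "__main__":
    for router_id, finding in audit().items():
        # Flag for isolation; preserve config and logs before any reset.
        print(f"{router_id}: isolate and preserve -> {finding}")
```

A router that appears in the findings should be isolated rather than rebooted first: a factory reset or firmware reflash destroys the configuration and logs that the brief's "forensic preservation" point refers to. Treat an off-list resolver as a stronger indicator than a single divergent answer, since the latter can also come from legitimate geo-aware DNS.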
Source
View on The Hindu