US Justice Department disrupts Russian military-run DNS hijacking network
Change
US Justice Department carried out a court-authorised operation that seized control of routers used by Russia's Main Intelligence Directorate (GRU) Military Unit 26165 to hijack Domain Name System (DNS) traffic against military, government and critical infrastructure targets worldwide.
Why it matters
The disruption removes the GRU unit's immediate access to its compromised-router infrastructure, making continued DNS hijacking from those devices materially harder. Network defenders must now treat DNS and routing configurations as active attack surfaces and prioritise rapid verification and remediation.
Implications
- — Network operations teams at military, government, and critical infrastructure organisations must audit edge routers for unauthorized DNS and routing configurations and remove any malicious entries — failure to do so will leave critical services exposed to redirection or interception.
- — Cybersecurity incident response teams at military, government, and critical infrastructure organisations must search DNS logs and routing tables for indicators of compromise and isolate affected devices for forensic analysis — failure to act will delay detection of persistent or pivoted intrusion.
Unlock the decision layer.
Know what changes, what’s at risk, and what needs action next.
- Implications: What shifts in cost, supply, or compliance.
- Who is affected: Which teams, contracts, or flows are exposed.
- What to watch: Deadlines, triggers, and when action becomes necessary.
- Real-time alerts: Get notified when a change becomes actionable — not noise..
- Ask AI: Go deeper on any change in seconds.
No credit card · 14-day trial · Active in seconds
Unlock the decision layer
Source
Topics