Daily Cyber Intelligence Brief
Date: April 6, 2026
Report Prepared by: Senior Cyber Security Researcher
1. Main Headline: Russian State Actors Weaponize 18,000+ SOHO Routers to Exfiltrate Microsoft Office Tokens
2. The Big Story: APT28’s Global DNS Hijacking Campaign
The Russia-linked threat actor APT28 (also known as Forest Blizzard) has launched a massive exploitation campaign targeting insecure Small Office/Home Office (SOHO) routers, specifically MikroTik and TP-Link devices. By exploiting known vulnerabilities and poor credential hygiene in these edge devices, the group has compromised over 18,000 networks to create a sprawling, resilient infrastructure for cyber espionage.