1 article
Russia's GRU Unit 26165 operated an 18,000-router DNS hijacking network targeting Microsoft 365 OAuth tokens across 120 countries. The US DOJ's Operation Masquerade dismantled US-based infrastructure on April 7 2026, but the global campaign continues. Organisations should audit DNS resolver settings, revoke OAuth sessions, and enforce Conditional Access for remote users.