APT28 exploit routers to enable DNS hijacking operations

INDIA — By BharatSecure Threat Intelligence Team

Verdict: Suspicious | Risk Score: 9/10 | Severity: Critical

Category: phishing

Scam Intelligence: APT28 exploit routers to enable DNS hijacking operations

Proprietary signals from BharatSecure's scam-tracking database.

Last reported: Jun 10, 2026

How APT28 exploit routers to enable DNS hijacking operations Works

The Russian cyber group APT28 is exploiting router vulnerabilities to carry out DNS hijacking. Controlling a router's DNS settings lets them mount adversary-in-the-middle attacks and steal passwords and authentication tokens from unsuspecting users.

How This Scam Works — Detailed Explanation

APT28, a notorious Russian cyber group, has been targeting Indian users through sophisticated phishing scams that exploit vulnerabilities in everyday household routers. The attackers do not rely on finding naive victims; they reach users through the common networking devices that most households already own. By remotely accessing these routers, they can change the DNS settings and redirect users to malicious websites designed to steal personal information. Given how widely UPI transactions are linked to Aadhaar and bank accounts, the attackers are particularly interested in any electronic banking or digital payment setup that relies on these systems.

One of the psychological tricks used by APT28 is urgency combined with apparent legitimacy. The attackers imitate bank communications or popular apps such as WhatsApp with fake notifications that prompt users to act quickly. For instance, a message claiming that a UPI transaction failed and urging the user to log in at an 'official' link to fix it creates enough alarm that the user willingly hands over their credentials. In many cases these messages appear to come from trusted sources, such as the bank's helpline or even a government advisory, which makes victims more likely to comply without questioning their authenticity.

Once targeted, the victim is led into the attack step by step. Typically, the scammers send an official-looking email or message that appears urgent and tells the victim they must log in to resolve a supposed issue. When the victim clicks the link, they are redirected to a fake login page designed to look like their bank's official site. By entering credentials such as passwords or OTPs on this phishing page, the victim unwittingly gives the attackers access to their funds. In one real example, a victim was tricked into sharing their UPI credentials with a site that claimed to offer cashback; instead it drained their linked bank account, causing losses of up to ₹1 lakh.

The impact of such scams in India cannot be overstated. According to reports, cybercrime losses have swelled to over ₹27,000 crore annually, with many cases tied directly to impersonation or phishing schemes similar to those orchestrated by APT28. Entities such as the Ministry of Home Affairs (MHA) and the Reserve Bank of India (RBI) have issued guidelines against such threats, but the consequences continue to grow. Recent advisories from CERT-In also stress the need for greater vigilance as more families come to rely on digital banking and payment systems.

Recognizing the signs of an APT28 scam can mean the difference between security and theft. Watch for messages that create a sense of urgency, ask for sensitive information, or contain suspicious links. A communication that asks directly for your Aadhaar details or UPI PIN should raise red flags. Genuine communications from banks or government agencies direct you to log in through their official app or website and never ask for sensitive information by text or email. Always verify with your bank before taking any action, and if anything feels off, contact their official helpline immediately.

Who Does APT28 exploit routers to enable DNS hijacking operations Target?

General public across India

Red Flags — How to Identify APT28 exploit routers to enable DNS hijacking operations

  • APT28
  • Russian cyber actor
  • router exploit
  • DNS hijacking
  • adversary-in-the-middle attacks
  • password theft
  • authentication tokens

What To Do If You Encounter APT28 exploit routers to enable DNS hijacking operations

  1. Report any suspicious messages or communications to the cybercrime helpline 1930 or visit cybercrime.gov.in.
  2. Change your router password immediately if you suspect it may be compromised.
  3. Enable two-factor authentication on your bank accounts and UPI apps to add an extra layer of security.
  4. Contact your bank's customer service, such as SBI at 1800-11-1109 or HDFC at 1800-202-6161, to report phishing attempts.
  5. Regularly update your router firmware to patch any security vulnerabilities.
  6. Educate your family members about safe online practices and how to identify phishing attempts.

How to Report APT28 exploit routers to enable DNS hijacking operations in India

  • Call 1930 — National Cyber Crime Helpline (24x7)
  • File a complaint at cybercrime.gov.in
  • Contact your bank immediately if money was lost
  • Call RBI helpline: 14440 for banking fraud

Frequently Asked Questions

What to do if I shared my OTP in a phishing scam?
Immediately contact your bank's customer service and request them to block your account. Report the incident to the cybercrime helpline 1930.
How can I identify if a communication is from APT28?
Look for inconsistent sender addresses, poor grammar, urgent demands for personal information, or unusual requests from known contacts.
How can I report this type of scam in India?
You can report the scam by calling the cybercrime helpline at 1930 or visiting cybercrime.gov.in for more instructions.
What recovery steps should I take after getting scammed?
Contact your financial institution immediately, change all passwords, enable fraud alerts, and file a report with local law enforcement.

Verify Any Suspicious Message

Check any suspicious message, link, or call for free at bharatsecure.app. BharatSecure uses AI to detect scams in real-time and protect Indian users.