apt28

Russian state-backed hackers (Forest Blizzard/APT28) used known vulnerabilities in old routers to hijack DNS settings and steal OAuth authentication tokens from Microsoft Office users, compromising over 200 organizations and 5,000 consumer devices without deploying malware.