Russia's APT28 is hijacking vulnerable routers to steal credentials, and the NCSC has warned businesses to act. Here's why guest WiFi is the exposure most organisations overlook, and how to secure it.
The UK's National Cyber Security Centre (NCSC) has published an advisory revealing how the Russian state actor APT28 has been exploiting vulnerable routers to hijack DNS and reroute internet traffic through attacker-controlled servers, harvesting passwords, OAuth tokens and other login credentials for web and email services. The campaign is believed to be opportunistic: cast a wide net across exposed devices, then filter down to victims of intelligence value.
It's essential reading, but there's a gap in it that many businesses will overlook.
Guest WiFi: the overlooked risk
The NCSC's recent warning about DHCP vulnerabilities highlights a critical blind spot for many businesses: Guest WiFi.
Many organisations don't realise that their legacy captive portals and open, unencrypted connections are a playground for man-in-the-middle (MitM) attacks. It's trivially easy for a compromised router or rogue access point to intercept traffic, spoof login pages, and harvest your guests' sensitive credentials.
Purple changes the game
We replace the risky "open portal" model with identity-based, zero-trust wireless security. By championing modern standards like Passpoint, OpenRoaming, and WPA3-Enterprise, Purple ensures:
- Dynamic authentication: Every single connection is verified.
- Total encryption: Data is locked down from the very first packet.
If an attacker attempts a DNS hijack on a Purple-secured network, all they'll intercept is useless ciphertext - not plaintext passwords.
Don't let a router exploit turn into a catastrophic data breach. Upgrade your network security with Purple.
From our CTO
"The recent NCSC warnings are a massive wake-up call for the industry. You cannot patch your way out of a fundamentally flawed architecture. As long as guest WiFi relies on unencrypted open connections and legacy captive portals, it will remain a prime target for credential harvesting. At Purple, we recognised early on that the only real solution is a paradigm shift toward zero-trust wireless - ensuring every single connection is authenticated and encrypted from the very first packet."
- Iain Jewitt, CTO of Purple
Talk to us about securing your guest WiFi
Read the full NCSC advisory: APT28 exploit routers to enable DNS hijacking operations



