SBU and FBI exposed a Russian GRU network that spied on EU, US, and Ukrainian citizens through "hacked" Wi-Fi routers

Kyiv • UNN

An international cyber operation blocked over 100 Russian GRU servers that were stealing data from Ukrainians and EU citizens. The enemy exploited vulnerable routers.

The Security Service, together with the FBI, counterintelligence agencies of the Republic of Poland, and law enforcement agencies of the EU, conducted a coordinated cyber operation to neutralize enemy intelligence activities in Ukraine and partner states. This involved large-scale espionage against citizens of the EU, USA, and Ukraine through "hacked" Wi-Fi routers, UNN reports, citing the SSU.

Details

As reported by the SSU, the international cyber operation uncovered numerous instances of Russian military intelligence (more commonly known as the GRU) "hacking" office and home Wi-Fi routers (so-called SOHO equipment) belonging to Ukrainians and foreign citizens.

According to the investigation materials, Russian special services "hunted" for routers that did not comply with modern security protocols.

After "penetrating" vulnerable internet devices, the Russians redirected their traffic through a pre-deployed network of DNS servers (which convert internet resource names into their IP addresses, uniquely identifying the destination server). In this way, they became "intermediaries" in the online space to collect passwords, authentication tokens, and other sensitive information, including emails, which are normally protected by cryptographic protocols SSL (secure sockets layer) and TLS (transport layer security).

- the report states.

The SSU added that the enemy planned to use the obtained information to carry out cyberattacks, information sabotage, and collect intelligence.

The Russian special services were particularly interested in information exchanged by employees and military personnel of state bodies, units of the Ukrainian Defense Forces, and enterprises of the defense-industrial complex.

As a result of the joint cyber operation, more than 100 servers were blocked and hundreds of routers were taken out of enemy control in Ukraine alone, which significantly weakened the intelligence capabilities of the Russian military intelligence and prevented the destruction of equipment at the software level.

- the report states.

Currently, comprehensive measures are being taken by the Security Service of Ukraine and its Western partners to bring all individuals involved in cybercrimes to justice.

The SSU recommends that all router owners identify their device's model and current software version, check for available security updates, and install them immediately.

If there is no support from the manufacturer, we strongly recommend replacing the router with a more modern model, including one from another company. After updating, it is imperative to change the device's access password, disable access to its control panel from the "Internet" network, check the settings, and remove anything suspicious. We ask telecommunications providers to assist their clients in implementing the aforementioned cybersecurity measures.

- the Security Service summarized.