Russian Intelligence Spied on EU, US, and Ukrainian Citizens via 'Hacked' Routers - SBU

The Security Service of Ukraine (SBU) has made public information regarding a significant international cyber operation that has revealed multiple instances of hacking into routers owned by Ukrainian citizens and foreign nationals. This malicious activity was carried out by the Russian military intelligence agency, commonly referred to as the GRU. According to the SBU press center, the perpetrators sought to gain access to both office and home Wi-Fi routers that did not meet modern security standards.

Russian intelligence services specifically targeted vulnerable internet devices to redirect traffic through pre-configured DNS servers after compromising them. These servers serve the function of converting internet resource names into their corresponding IP addresses, thereby allowing the identification of the destination server. As a result of such interference, the Russians became intermediaries in the online space, enabling them to collect passwords, authentication tokens, and other sensitive information, including emails that are typically protected by cryptographic protocols such as SSL and TLS.

The SBU emphasized that the data obtained by the enemy was intended for use in conducting cyberattacks, information diversions, and intelligence gathering. Notably, information exchanged among employees and military personnel of government bodies, units of the Ukrainian Defense Forces, and enterprises within the defense-industrial complex came under particular scrutiny from Russian intelligence services.

As a result of the joint cyber operation, over 100 servers were blocked and hundreds of routers were taken out of enemy control, solely within Ukraine. This significantly weakened the intelligence capabilities of the Russian military intelligence and prevented the destruction of equipment at the software level.

The Security Service of Ukraine is currently continuing comprehensive measures in collaboration with Western partners to hold accountable all individuals involved in cybercrimes. In this regard, the SBU recommends that all router owners check the model and current software version of their devices, as well as the availability of up-to-date security updates that need to be implemented urgently.

The SBU also stressed the importance of replacing old routers with more modern models if the manufacturer no longer supports them. After updating the software, it is essential to change the access password to the device, disable the ability to access the control panel from the Internet, check the settings, and remove any suspicious elements. Telecommunications providers have been urged to assist their clients in implementing these cybersecurity measures.

It is worth noting that in March of this year, the Federal Prosecutor's Office of Germany detained a Romanian citizen and a Ukrainian citizen on suspicion of espionage activities on behalf of Russian intelligence. They were reportedly gathering information and conducting video surveillance of an individual supplying drones and components for Ukraine.

Stay updated with the latest news by joining our channels on Telegram, Instagram, and YouTube.