SBU and FBI Expose Russian GRU Spying via Wi-Fi Routers
The Security Service of Ukraine (SBU), in collaboration with the Federal Bureau of Investigation (FBI) and law enforcement agencies from the European Union, has conducted a large-scale international cyber operation that uncovered Russian military intelligence's (GRU) espionage activities targeting citizens of Ukraine, the United States, and European countries.
The operation was carried out on April 7. It revealed alarming instances of espionage conducted by the Russian Main Intelligence Directorate (GRU) against citizens in Ukraine, the United States, and various European nations, and found that Russian intelligence services had been using compromised Wi-Fi routers to gather sensitive information.
According to information released by the SBU press service, Russian hackers had been infiltrating both office and home Wi-Fi routers that did not meet modern security standards. Once compromised, these routers redirected traffic through specially deployed DNS servers, which handle the conversion of Internet resource names into IP addresses. This tactic enabled the hackers to identify destination servers. As a result, the adversaries were able to collect passwords, authentication tokens, and other sensitive data, including emails that are typically protected by cryptographic protocols.
The data obtained by Russian intelligence services was intended for use in conducting cyberattacks, information diversions, and intelligence gathering. The SBU noted, "The information exchanged by employees and military personnel of government agencies, units of the Armed Forces of Ukraine, and defense industry enterprises was of particular interest to the Russian intelligence services."
As a result of the cyber operation, over 100 servers were blocked, and hundreds of routers in Ukraine were removed from the control of Russian intelligence services. According to the SBU, this significantly weakened the capabilities of Russian military intelligence and prevented the destruction of equipment at the software level.
Currently, the SBU, in conjunction with international partners, is working to hold accountable those involved in these cybercrimes. The agency has also reached out to Wi-Fi router owners, recommending that they update the model and software version of their devices, as well as install security updates.
The SBU emphasized, "In the absence of support from the manufacturer, we strongly recommend replacing the router with a more modern model, even from a different company. After updating, it is essential to change the access password to the device, disable the ability to access its control panel from the Internet, review the settings, and remove any suspicious elements."
Furthermore, the agency has called upon telecommunications providers to assist their clients in ensuring the security of their devices. This situation underscores the critical importance of cyber protection in the face of modern threats that could impact the safety of the state and its citizens.