SBU and FBI Uncover Campaign Targeting Russian Routers

This operation targeted users in Ukraine, Europe, and the United States through compromised Wi-Fi routers.

According to information provided by the SBU, Russian operatives infiltrated vulnerable home and office routers that lacked up-to-date security measures. After gaining access to these devices, the perpetrators redirected internet traffic through a network of controlled servers. This enabled them to intercept passwords, authentication tokens, and other sensitive data, including emails.

The stolen information was intended for use in future cyberattacks, disinformation campaigns, and intelligence gathering. The SBU noted that the operation specifically targeted communications related to government officials, military personnel, and employees of Ukraine's defense sector.

As part of the joint efforts, law enforcement officials blocked over 100 servers and regained control over hundreds of compromised routers solely in Ukraine. Efforts are currently underway to identify and hold accountable those involved in this cyber activity.

The SBU also urged users to update their router software, install the latest security patches, or replace outdated devices. Additional recommendations include changing default passwords, disabling remote access to router settings, and checking configurations for suspicious activity.

Russian-linked hacker groups have long engaged in cyber activities, often with financial motives, but since the full-scale invasion of Ukraine, they have increasingly focused on destructive attacks targeting Kyiv and its allies. In a recent case, Dutch intelligence agencies reported that Russian hackers launched a global campaign targeting WhatsApp and Signal accounts, using phishing to access messages from government officials, journalists, and other targets.