Kyiv Post

SBU and FBI Disrupt Cyber Operation by Russian GRU Conducted Through Compromised Routers

The Security Service of Ukraine (SBU) on Wednesday, April 8, announced the successful conclusion of a joint operation with the FBI and law enforcement agencies across Europe, resulting in the disruption of a large-scale cyber operation conducted by the Russian military intelligence, known as the GRU. According to the SBU, Russian operatives compromised office and home Wi-Fi routers in Ukraine, European Union countries, and the United States to collect sensitive information.

The attacks specifically targeted routers with outdated security protocols. Internet traffic from the compromised devices was redirected through a network of DNS servers controlled by the attackers. This allowed the malicious actors to intercept login credentials, authentication tokens, and other sensitive information, including emails protected by encryption protocols such as SSL and TLS.

The data collected was intended for use in cyberattacks, disinformation campaigns, and intelligence gathering, the SBU reported. The operation was partly focused on communications related to Ukrainian officials, military personnel, and defense industry workers.

As part of the joint operation, more than 100 servers were blocked and hundreds of compromised routers in Ukraine were secured, according to the SBU. Officials noted that the disruption weakened Russia's intelligence capabilities and prevented further cyber activities.

The SBU urged router owners to update their device software, install security patches, and change passwords. Users were also advised to disable remote access to router settings and check configurations for suspicious activity.

This news represents a significant part of the overall cybersecurity landscape in Ukraine and globally. Recently, German intelligence services accused Russian hackers of new cyberattacks aimed at obtaining sensitive information. In the latest case, the perpetrators reportedly targeted several thousand publicly accessible routers manufactured by TP-Link, a company founded in China that now operates globally.

Internet service providers were invited to assist their clients in implementing these security measures. This situation underscores the importance of protecting information systems and the necessity for continuous monitoring of cyber threats that may originate from various sources, including state actors.