Main points
- The SBU, FBI, and European law enforcement agencies have exposed the Russian GRU for spying through hacked Wi-Fi routers in Ukraine, the US, and the EU.
- As a result of the cyber operation, more than 100 servers were blocked and hundreds of routers were taken out of control, which weakened Russia's intelligence capabilities.

The SBU, FBI, and European law enforcement agencies have exposed Russia's GRU for large-scale spying on citizens of the EU, the US, and Ukraine. The occupiers did this through “hacked” Wi-Fi routers.
This was reported by the Security Service of Ukraine.
How did Russia spy on Ukrainians and foreigners by hacking Wi-Fi routers?
The SBU noted that, together with the FBI, Polish counterintelligence agencies, and EU law enforcement agencies, they conducted a cyber operation to neutralize the enemy's intelligence activities on the territory of Ukraine and partner states.
The results revealed numerous cases in which Russian military intelligence, better known as the GRU, “hacked” office and home Wi-Fi routers (so-called SOHO equipment) belonging to Ukrainians and foreign citizens.
“According to the investigation, Russian special services “hunted” for routers that did not comply with modern security protocols. After “penetrating” vulnerable Internet devices, the invaders redirected their traffic through a pre-deployed network of DNS servers (converting the names of Internet resources into their IP addresses, which uniquely identify the destination server),” the Security Service explained.
In this way, the Russians became “middlemen” in the online space to collect passwords, authentication tokens, and other sensitive information, including emails that are normally protected by the cryptographic protocols SSL (Secure Sockets Layer) and TLS (Transport Layer Security).
“The enemy planned to use the information obtained to carry out cyberattacks, information sabotage, and collect intelligence information. The area of special attention of the Russian special services was the information exchanged between employees and servicemen of state bodies, units of the Defense Forces of Ukraine, and enterprises of the defense-industrial complex,” the SBU said.
As a result of the cyber operation, it was possible to block more than 100 servers and remove hundreds of routers from the enemy's control in Ukraine alone, which significantly weakened the intelligence capabilities of Russian military intelligence and also prevented the destruction of equipment at the software level.
Currently, the Security Service of Ukraine and Western partners are working to bring to justice all individuals involved in cybercrimes.
What recommendations did the SBU give to Ukrainians to avoid such a “hack”?
The SBU recommended that all router owners identify their device's model and current software version, check for current security updates, and install them immediately.
“In the absence of support from the manufacturer, we strongly suggest replacing the router with a more modern model, including from another company. After the update, it is imperative to change the device access password, disable access to its control panel from the Internet, check the settings and remove suspicious ones,” the Security Service emphasized.
Telecommunications providers were asked by the SBU to assist their clients in implementing the above-mentioned cybersecurity measures.
Where else have Russian hackers been working recently?
- The FBI and CISA have warned of a wave of cyberattacks on Signal messenger users orchestrated by Russian hackers. The attacks targeted US government officials, military personnel, politicians, and journalists, and involved the use of phishing tactics to steal data.
- Previously, Russian hackers affiliated with the GRU had hacked the State Agency for Water Resources of Ukraine as part of the “Operation GhostMail” campaign. The attackers exploited a vulnerability in the Zimbra email system to steal confidential data via malicious JavaScript code.