The GRU collected passwords, correspondence, and tokens through vulnerable network equipment
The Russian GRU massively hacked home and office routers of Ukrainians, Europeans, and Americans to intercept sensitive information and prepare cyberattacks.
This was reported by RBC-Ukraine, citing the Security Service of Ukraine.
Read also: Russian intelligence attempted to steal technologies from the defense company TechEx: what arms manufacturers should prepare for
The Security Service of Ukraine, together with the FBI, counterintelligence agencies of Poland, and law enforcement agencies of the European Union, conducted an international cyber operation that uncovered a large-scale intelligence activity of the Russian military intelligence on the territory of Ukraine and partner states.
According to the SBU, the GRU hacked home and office Wi-Fi routers of Ukrainians, EU citizens, and Americans. This concerns so-called SOHO equipment. Russian special services “hunted” for routers that did not meet modern security protocols.
After infiltrating vulnerable routers, Russian special services redirected their traffic through a pre-deployed network of DNS servers. Thus, they became “intermediaries” in the online space and could collect passwords, authentication tokens, and other sensitive information, including emails.
As noted by the SBU, the obtained information was intended for use in cyberattacks, information diversions, and intelligence gathering. The GRU particularly focused on information exchanged by employees of government agencies, military personnel of the Defense Forces, and staff of defense industry enterprises.
As part of the joint operation, more than 100 servers were blocked and hundreds of routers were taken out of the enemy’s control, just in Ukraine. The SBU notes that this significantly weakened Russia’s intelligence capabilities and helped prevent the programmed destruction of equipment.
Currently, Ukrainian special services and their Western partners continue efforts to identify and hold accountable all individuals involved in these cybercrimes.
The SBU also urged router owners to check the device model, software version, and the presence of current security updates. If the manufacturer no longer supports the equipment, it is recommended to replace it with a more modern model.
“After updating, it is essential to change the access password to the device, disable the ability to access its control panel from the Internet, check the settings, and remove anything suspicious,” the SBU advised.
Providers were also separately urged to assist clients in implementing these cybersecurity measures.
Recall that earlier, German intelligence warned that after Russia’s full-scale invasion of Ukraine, the threat of Russian espionage, sabotage, and disinformation had significantly increased. According to their data, Russian structures are increasingly changing tactics and involving people from petty crime in such operations.
Source: rbc.ua +rel=”nofollow”
