Russia’s GRU exposed for large-scale spying on citizens of EU, US and Ukraine through hacked Wi-Fi routers, SSU says
The Security Service of Ukraine (SSU), together with the FBI, the counterintelligence agencies of the Republic of Poland and EU law enforcement agencies, conducted a coordinated cyber operation to neutralise the enemy’s intelligence activity on the territory of Ukraine and partner states.
This was reported by the Security Service of Ukraine, Censor.NET reports.
ЗThey hacked Wi-Fi routers
As a result of the international cyber operation, numerous cases were uncovered of Russia’s military intelligence (better known as the GRU) hacking office and home Wi-Fi routers belonging to Ukrainians and foreign citizens alike (the so-called SOHO equipment).
It is noted that Russian intelligence operatives targeted routers that did not meet modern security protocols.
After penetrating vulnerable internet-connected devices, the ruscists rerouted their traffic through a pre-deployed network of DNS servers, which convert internet resource names into IP addresses that uniquely identify the destination server. In this way, they acted as "intermediaries" in cyberspace in order to collect passwords, authentication tokens and other sensitive information, including emails that under normal conditions are protected by the SSL (secure sockets layer) and TLS (transport layer security) cryptographic protocols.
What was the goal?
The enemy planned to use the obtained information to carry out cyberattacks, information sabotage and intelligence gathering.
The Russian intelligence service was particularly interested in information exchanged by employees and servicemen of state bodies, units of Ukraine’s Defence Forces and defence-industrial enterprises.
More than 100 servers blocked
The SSU said that, as a result of the joint cyber operation, it managed to block more than 100 servers and wrest hundreds of routers from enemy control in Ukraine alone. This significantly weakened the intelligence capabilities of Russian military intelligence and prevented the destruction of equipment at the software level.
Comprehensive measures by the SSU and its Western partners are currently underway to bring all those involved in the cybercrimes to justice.
SSU recommendations
All router owners are advised to identify their device model and current software version, check whether the latest security updates are available and implement them without delay.
If the manufacturer no longer provides support, the SSU strongly recommends replacing the router with a more modern model, including one made by another company. After updating, users should change the device access password, disable access to its control panel from the internet, check the settings and remove anything suspicious.
Telecommunications providers are being asked to assist their customers in implementing the above cybersecurity measures.
