The Security Service of Ukraine, in collaboration with the FBI, Polish counterintelligence, and EU law enforcement, has uncovered extensive cyber espionage operations conducted by the Russian military intelligence agency, GRU. This operation targeted home and office routers in Ukraine, Europe, and the United States to intercept sensitive information and prepare for cyberattacks.
According to the Security Service of Ukraine (SBU), the GRU exploited vulnerabilities in consumer-grade Wi-Fi routers, specifically those that did not comply with modern security protocols. These devices, referred to as SOHO (Small Office/Home Office) equipment, were identified as prime targets.
Once the GRU gained access to these routers, they redirected internet traffic through a network of DNS servers that had been previously established. This allowed Russian operatives to act as intermediaries in the online space, enabling them to collect passwords, authentication tokens, and other sensitive information, including emails.
The intelligence gathered was intended for use in cyberattacks, information sabotage, and espionage. The GRU particularly focused on communications among government officials, military personnel, and employees of defense industry enterprises.
As part of the joint operation, over 100 servers were blocked, and hundreds of compromised routers were secured in Ukraine alone. The SBU emphasized that these actions significantly weakened Russia’s intelligence capabilities and helped prevent potential damage to the equipment.
Ukrainian intelligence agencies and their Western partners are continuing efforts to identify and hold accountable all individuals involved in these cybercrimes. The SBU has also urged router owners to check their device models, software versions, and the availability of security updates. If a device is no longer supported by the manufacturer, it is recommended to replace it with a more modern model.
“After updating, it is essential to change the access password, disable remote access to the device’s control panel, review settings, and remove any suspicious configurations,” the SBU advised.
Internet service providers have also been called upon to assist customers in implementing these cybersecurity measures.
Previously, German intelligence agencies had warned that following Russia’s full-scale invasion of Ukraine, the threat of Russian espionage, sabotage, and disinformation had significantly increased. Reports indicated that Russian entities were frequently adapting their tactics and involving individuals from petty criminal backgrounds in such operations.
A recent international cyber operation has revealed significant Russian espionage activities targeting consumer routers in Ukraine and beyond. The initiative, involving multiple agencies, has led to the disruption of over 100 servers and aims to enhance cybersecurity measures among affected users.