The SBU, together with the FBI, Polish counterintelligence, and EU law enforcement agencies, conducted a coordinated cyber operation against the GRU intelligence network. The Russians hacked home and office Wi-Fi routers and used them to intercept passwords, authentication tokens, and emails.
The SBU, together with the FBI, Polish counterintelligence, and EU law enforcement agencies, conducted a coordinated cyber operation against the GRU intelligence network. The Russians hacked home and office Wi-Fi routers and used them to intercept passwords, authentication tokens, and emails.
During the operation, more than 100 GRU servers were blocked, and hundreds of routers were taken out of enemy control in Ukraine alone. The area of special attention includes employees of state bodies, servicemen of the Defense Forces, and employees of defense industry enterprises.
The GRU targeted routers with outdated software — the so-called SOHO (Small Office/Home Office) equipment. Once hacked, they would redirect traffic through their own network of DNS servers and become «middlemen» between the user and the Internet.
This allowed the interception of data, even SSL/TLS-protected data, including passwords, authentication tokens, and email content. The resulting data was intended to be used for cyberattacks, information sabotage, and intelligence gathering.
The Security Service of Ukraine gives clear recommendations for all router owners:
The SBU asks providers to help clients implement these measures.
If your router is older than 3-4 years and the manufacturer hasn’t released updates for a long time, there’s a high chance it won’t receive security patches anymore. This isn’t paranoia, but a specific GRU operation that was just stopped.
