SBU and FBI exposed large-scale Russian cyber espionage operation via Wi-Fi routers

The Security Service of Ukraine (SBU), together with the US Federal Bureau of Investigation and European and Polish partners, conducted a large-scale cyber operation that exposed a scheme in which Russian special services spied through hacked Wi-Fi routers.

How the scheme worked

According to the investigation, Russian military intelligence (GRU) attacked home and office routers that did not meet modern cybersecurity standards.

After hacking the devices, the attackers:

redirected Internet traffic through controlled DNS servers;
gained access to passwords, tokens and other confidential information;
even intercepted protected data, including e-mail.

Who they were trying to spy on

The main targets of the cyberattack were:

civil servants;
Ukrainian Defense Forces servicemen;
defense-industrial complex employees.

The collected data was intended for use in cyberattacks, information operations, and intelligence activities.

Results of the operation

The joint actions made it possible to:

block more than 100 servers;
remove hundreds of infected routers from the control of Russian special services;
prevent equipment from being destroyed by malicious software.

Recommendations for citizens

The SBU calls on Ukrainians to strengthen the protection of their networks:

update the router software;
change access passwords;
disable remote access;
check the settings for third-party changes.

Outdated equipment should be replaced.