SBU, FBI uncover Russian router hacking campaign
on Google
Ukraine's Security Service (SBU), together with the FBI, Polish counterintelligence, and EU law enforcement agencies, has uncovered a large-scale cyber-espionage operation by Russia's military intelligence agency (GRU) targeting users in Ukraine, Europe, and the United States via compromised Wi-Fi routers.
According to the SBU, Russian operatives hacked vulnerable home and office routers that lacked up-to-date security measures. After gaining access, they rerouted internet traffic through a network of controlled servers.
This enabled them to intercept passwords, authentication tokens, and other sensitive data, including emails.
The stolen information was intended for use in future cyberattacks, disinformation campaigns, and intelligence gathering, the SBU said.
The operation specifically targeted communications involving government officials, military personnel, and employees of Ukraine's defense sector.
As part of the joint effort, authorities blocked more than 100 servers and regained control of hundreds of compromised routers in Ukraine alone.
Efforts are ongoing to identify and prosecute those involved in the cyber operation.
The SBU also urged users to update their router software, install the latest security patches, or replace outdated devices. Additional recommendations include changing default passwords, disabling remote access to router settings, and checking configurations for suspicious activity.
Russian-linked hacking groups have long conducted cyber operations, often financially motivated, but since the full-scale invasion of Ukraine have increasingly shifted toward disruptive attacks targeting Kyiv and its allies.
In a recent case, Dutch intelligence agencies said Russian hackers launched a global campaign targeting WhatsApp and Signal accounts, using phishing to access the messages of government officials, journalists, and other targets.
