Russian Agents Unmasked: Espionage via Compromised Routers Revealed

Ukraine, together with the United States, Poland, and the European Union, exposed Russian spies operating in several countries.

The operation was reported by the SBU press center.

“The Security Service, together with the FBI, counterintelligence agencies of the Republic of Poland, and EU law enforcement agencies, conducted a coordinated cyber operation to neutralize enemy intelligence activities on the territory of Ukraine and partner states,” the report says.

As a result of the operation, it was possible to establish the facts of the “hacking” of Wi-Fi routers by Ukrainians and foreign citizens.

GRU agents sought out devices that did not comply with modern security protocols. They redirected router traffic through a prepared network of DNS servers.

In this way, the Russians gained access to passwords and other information, including emails. The enemy planned to use this information for information sabotage, cyberattacks, and intelligence gathering.

Russian intelligence paid particular attention to information exchanged between employees and servicemen of state bodies, units of the Defense Forces, and enterprises of the defense-industrial complex.

As a result of the international cyber operation, more than 100 servers were blocked, and hundreds of routers in Ukraine were taken out of enemy control.

According to the SBU, this operation significantly weakens Russian intelligence’s capabilities. In addition, Ukraine and its partners prevented the destruction of equipment at the software level.

Currently, the SBU and Western colleagues are working to bring to justice all those involved in cybercrimes.

“The SBU recommends that all router owners update their device model and current software version, check for current security updates, and implement them immediately. In the absence of support from the manufacturer, we strongly recommend replacing the router with a more modern model, including one from another company,” the press center advised.

At the same time, they added that after the update, you need to change the device access password, disable access to its control panel from the Internet, and also check the settings and remove anything suspicious.

Recall that Russia is increasing hybrid pressure on the United States, supporting cyberattacks by Iranian hacker groups. Experts have reported an increase in attacks on critical infrastructure.

Also, follow “Pryamyi” on Facebook, X, Telegram, and Instagram.