Joint Cyber Operation Exposes Russian Espionage via Hacked Wi-Fi Routers
Severity: High (Score: 78.5)
Sources: Mezha.Ua, English.Nv.Ua, Pravda.Ua
Summary
The Security Service of Ukraine (SSU), in collaboration with the FBI, Polish counterintelligence, and EU law enforcement, conducted a cyber operation that uncovered extensive hacking by Russian military intelligence targeting office Wi-Fi routers in Ukraine, the EU, and the US. The operation revealed that outdated security settings on these devices were exploited to redirect internet traffic through malicious DNS servers, allowing attackers to intercept sensitive data such as passwords and emails. More than 100 servers were blocked, and hundreds of routers were taken out of Russian control, significantly diminishing Russian intelligence capabilities. The SSU is continuing its investigation to identify all individuals involved in these cyberattacks. Users are advised to check their routers, update software, and change access passwords to enhance security. The operation highlights the ongoing threat posed by Russian cyber operations against critical infrastructure and government entities.
Key Points:
- Russian military intelligence hacked Wi-Fi routers in Ukraine, the EU, and the US.
- Over 100 servers were blocked, and hundreds of routers were secured from Russian control.
- Users are urged to update router security settings and change passwords.
Key Entities
- Data Breach (attack_type)
- Man-in-the-Middle (attack_type)
- Russia (country)
- Ukraine (country)
- United States (country)
- Government (industry)
- T1041 - Exfiltration Over C2 Channel (mitre_attack)
- T1071.004 - DNS (mitre_attack)
- DarkSword (malware)