The SBU, in cooperation with US and EU law enforcement agencies, exposed large-scale spying by Russian intelligence services on citizens of the EU, the United States and Ukraine through “hacked” Wi-Fi routers

The Security Service of Ukraine, together with the FBI, counterintelligence agencies of the Republic of Poland and EU law enforcement agencies, conducted a coordinated cyber operation to neutralize the enemy’s intelligence activities in Ukraine and the territories of partner countries.

As a result of the international cyber operation, numerous instances of hacking of small office and home office Wi-Fi routers of Ukrainian and foreign citizens (so-called SOHO equipment) by Russian military intelligence (better known as the GRU) were uncovered.

According to the investigation, Russian intelligence agents were “hunting” routers that did not comply with modern security protocols.

After “infiltrating” vulnerable Internet devices, the Russian attackers redirected their traffic through a pre-established network of DNS servers (which convert Internet resource names into their IP addresses, uniquely identifying the destination server).

By doing so, they became online “intermediaries,” intercepting passwords, authentication tokens, and other sensitive data, including emails that would normally be secured by cryptographic protocols such as SSL (Secure Sockets Layer) and TLS (Transport Layer Security).

The enemy intended to use the obtained information to conduct cyberattacks, carry out information sabotage, and gather intelligence.

The Russian intelligence service paid special attention to information exchanged by employees and servicemen of state bodies, units of the Defense Forces of Ukraine, and defense industry enterprises.

As a result of the joint cyber operation, over 100 servers were blocked and hundreds of routers were taken out of enemy control in Ukraine alone, significantly weakening the intelligence capabilities of the Russian military intelligence and preventing the destruction of equipment at the software level.

The Security Service of Ukraine, together with Western partners, is actively undertaking comprehensive measures to bring all individuals involved in cybercrimes to justice.

The SBU advises all router owners to verify their device model and current software version, ensure that the latest security updates are installed, and implement them without delay.

If the manufacturer no longer provides support, we strongly recommend replacing the router with a more modern model, including one from another company. After updating, it is essential to change the device’s access password, disable remote access to its management panel via the Internet, review the settings, and remove any suspicious entries.

Telecommunications providers are urged to assist their clients in implementing the above cybersecurity measures.
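
An added example, not part of the SBU statement: a small Python check for the "review the settings" step, assuming the DNS redirection described above shows up as unfamiliar DNS server addresses handed to the router's clients. The sample configuration, its addresses (taken from documentation ranges), the expected list and the function names are constructed for illustration.

```python
import ipaddress

def parse_nameservers(resolv_text):
    """Return the nameserver entries from resolv.conf-style text, in order."""
    servers = []
    for raw in resolv_text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()  # drop comments
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers

def audit_resolvers(resolv_text, expected):
    """Label each configured resolver: expected, local-stub, unexpected or invalid."""
    allowed = {ipaddress.ip_address(a) for a in expected}
    findings = []
    for entry in parse_nameservers(resolv_text):
        try:
            # Strip an IPv6 zone id such as %eth0 before parsing.
            addr = ipaddress.ip_address(entry.split("%", 1)[0])
        except ValueError:
            findings.append((entry, "invalid"))
            continue
        if addr in allowed:
            status = "expected"
        elif addr.is_loopback:
            # A local stub resolver (e.g. 127.0.0.53); its upstream servers
            # still need to be checked separately.
            status = "local-stub"
        else:
            status = "unexpected"
        findings.append((entry, status))
    return findings

# Constructed sample: what a client might have received from its router.
SAMPLE = """\
# constructed sample, not real infrastructure
nameserver 192.168.1.1
nameserver 203.0.113.53
nameserver 127.0.0.53
nameserver 2001:db8::53
nameserver not-an-ip
search lan
"""
# Resolvers the owner deliberately configured (assumption for this example).
EXPECTED = ["192.168.1.1", "2001:db8::53"]

if __name__ == "__main__":
    for entry, status in audit_resolvers(SAMPLE, EXPECTED):
        print(f"{entry:<16} {status}")
```

Any entry reported as unexpected should be compared with the DNS settings in the router's management panel and with the provider's published resolvers before it is trusted.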