International Probe Reveals Russian GRU Cyber Operations Targeting Vulnerable Routers Worldwide

An international investigation has uncovered cyber operations attributed to Russia's GRU military intelligence unit, specifically the 85th Main Special Service Centre (85th GTsSS). The group, also known as APT28, Fancy Bear, Tsar Team, and Forest Blizzard, exploited vulnerabilities in internet routers to access sensitive data from governments and military entities.

Ukraine's Security Service (SBU) participated in the probe, which involved intelligence and law enforcement services from multiple countries, including the US and UK.

The hackers compromised vulnerable routers and redirected traffic through a pre-deployed network of DNS servers to exfiltrate information. The operation targeted devices with inadequate security protections, allowing unauthorized access to networks.

Details The probe revealed cyber activities targeting governments and military organizations across multiple countries. The international collaboration aimed to identify the scope and methods of the cyber activities.

The use of DNS servers facilitated the redirection of data without immediate detection. Law enforcement agencies continue to analyze the extent of the compromises.

Context and Next Steps This operation occurs amid ongoing geopolitical tensions, particularly following Russia's invasion of Ukraine in 2022, which has heightened cyber threats between the involved nations.

The stakes involve national security, as stolen data could compromise intelligence operations or personal safety of individuals. Affected parties, including governments, face risks of further exploitation or retaliation. Following the investigation, authorities are expected to enhance router security protocols and share intelligence to prevent similar incidents.

International cooperation could potentially lead to coordinated responses. Monitoring for additional leaks and vulnerabilities remains ongoing.