Russian GRU exploiting vulnerable routers to steal sensitive information
Russian General Staff Main Intelligence Directorate (GRU) cyber actors are exploiting vulnerable routers worldwide to intercept and steal sensitive military, government, and critical infrastructure information.
The U.S. Department of Justice and the FBI recently disrupted a GRU network of compromised small-office home-office (SOHO) routers used to facilitate malicious DNS hijacking operations.
The FBI and the following partners are warning the public and encourage network defenders and device owners to take actions to remediate and reduce the attack surface of similar edge devices: U.S. National Security Agency (NSA) and international partners from Canada, Czech Republic, Denmark, Estonia, Finland, Germany, Italy, Latvia, Lithuania, Norway, Poland, Portugal, Romania, Slovakia, and Ukraine.