Russian military hackers, identified as the GRU's Fancy Bear unit, have been exploiting vulnerable routers globally to steal sensitive information from governments, militaries, and critical infrastructure. The FBI revealed the large-scale operation, conducted in conjunction with international partners, which involved redirecting internet traffic through ill-protected routers to capture passwords and encrypted data.
The GRU unit, also known as Unit 26165, acted as 'intermediaries' to collect passwords, authentication tokens, and other sensitive details, including emails normally protected by SSL/TLS protocols. This information was intended for cyberattacks, information sabotage, and intelligence gathering.
The FBI stated the GRU indiscriminately compromised a wide range of US and global victims, with a particular focus on military, government, and critical infrastructure. This technique has been in use since at least 2024.
This cyber espionage group, also identified as APT28, has been active since at least 2004. Authorities believe Fancy Bear has been behind numerous high-profile attacks, including breaches of Germany's Bundestag, the French channel TV5Monde, and several US banks. The group has also targeted Ukraine, NATO, and defense contractors.