Officials believe that the hacking group used the stolen data to carry out cyber attacks, information sabotage and intelligence gathering and targeting military, government and critical infrastructure targets.
“The Russians tried their best to cover all vulnerable routers, while redirecting requests to domains they were interested in. For example, *.gov.ua, or with names corresponding to Microsoft Outlook, military systems,” said a law enforcement official who participated in the joint operation, requesting anonymity to reveal more details.
SBU of Ukraine said “Russian special services paid special attention to information exchanged between employees and employees of state bodies, units of the Defense Forces of Ukraine and enterprises of the defense-industrial sector.”
The agencies linked the campaign to the Fancy Bear hacking group (also known as APT28 and Forest Blizzard), which was previously identified by Western officials as part of Russia’s GRU military intelligence service.
Hackers have exploited vulnerabilities in routers since at least 2024, including in popular TP-Link routers. By hacking routers, they were able to monitor data exchanges from mobile devices and laptops and bypass encryption protocols, security services said.
