US and European security services have reported that an elite Russian hacking group called Fancy Bears is behind a widespread espionage campaign against militaries and governments, writes Politico.
Germany, Italy, Poland and other countries have uncovered a large-scale operation by Russian cybercriminals that carried out espionage using poorly protected wireless routers. Ukraine’s security service, the SBU, said in a statement that by bypassing security protocols and encryption technologies, the hackers collected passwords, authentication identifiers and other sensitive information, including emails.
Officials believe that the stolen data was used to carry out cyberattacks and information sabotage, and to collect intelligence information. The main targets of the cybercriminals were military, government and critical infrastructure facilities. A law enforcement official, who remained anonymous, said that
the Russians did everything to exploit the vulnerable routers,
but redirected only those requests related to domains of interest to them, such as .gov.ua.
The SBU reported that the Russian services paid special attention to the exchange of information between employees of state institutions, units of the Ukrainian armed forces and companies belonging to the defense industry.
Security agencies have linked the campaign to the hacking group Fancy Bear, which Western countries have previously identified as part of the Russian military intelligence service (GRU). Cybercriminals have been exploiting router vulnerabilities since at least 2024, including by hacking widely used TP-Link routers. Through them, the hackers managed to intercept data exchange from mobile devices and laptops.
Read also: Russian bots launch disinformation campaign ahead of Hungarian elections