The Lithuanian State Security Department (DGB), which took part in an international operation under the supervision of the U.S. Federal Bureau of Investigation (FBI), reported the neutralization of a network of vulnerable routers. According to the Lithuanian agency, the network was used by the cyber group APT28, which is linked to Russian military intelligence (GRU).
“It has been established that this group systematically exploited vulnerable home and small office (SOHO) routers worldwide, altering their DNS settings and redirecting internet traffic through its controlled infrastructure,” the agency reported on Facebook on Wednesday.
Intelligence agencies from various countries involved in the investigation note that the group has been collecting data and using vulnerable routers worldwide since at least 2024.
According to the intelligence agencies, the DNS redirection created conditions for man-in-the-middle attacks, allowing the interception and collection of confidential information: credentials, authentication tokens, email content, and other web browsing data.
“The attacks were conducted on a large scale: initially, a significant number of devices were compromised, and then targets of potential intelligence value were selected, particularly those related to government institutions, the defense sector, and critical infrastructure,” the DGB notes.
The DGB urges citizens and organizations to consistently enhance cybersecurity and take measures to reduce the vulnerability of network devices and the risk of potential incidents.
For reference: a SOHO (Small Office / Home Office) modem is a networking device designed to provide internet connectivity in a small office (up to 10 people) or home environment.