FBI and SRI operation to dismantle a network of Russian hackers associated with the Main Intelligence Directorate of the Russian General Staff (GRU)

The FBI, together with the SRI and agents from 14 other NATO member countries, has dismantled a spy network of the Main Directorate of the General Staff of the Russian State (GRU), which was stealing military, governmental, and critical infrastructure information. The operation, named 'Operation Masquerade', revealed the exploitation of vulnerable routers for intercepting and stealing sensitive data.

GRU, also known as APT28 or Fancy Bear, used DNS hijacking techniques to compromise network devices, altering settings to redirect traffic through servers controlled by attackers. This method allowed the collection of passwords, authentication tokens, and sensitive information, including web browsing data. The FBI has issued a series of recommendations for SOHO router users, including updating firmware and changing default passwords, to prevent future attacks. Organizations are encouraged to review their policies on access to sensitive data, especially in the context of remote work.