FBI: Russia-backed Fancy Bear hackers used Wi-Fi routers to steal data

A Russian hacking group called Fancy Bear used poorly protected Wi-Fi routers to hack into governments, the FBI said. File Photo by Sascha Steinbach/EPA

April 8 (UPI) — A Russian hacking group financed by the spy agency GRU managed a large-scale campaign to steal information about militaries and governments by hacking into Wi-Fi routers, the FBI said.

The group, known as Fancy Bear, is behind the hacking of governments around the world. Intelligence and police services in the United States, Canada, Ukraine, Germany, Italy, Poland, Slovenia, Romania and others discovered the operation, which attacked poorly protected Wi-Fi routers, they announced in a joint statement Tuesday.

The hackers took “passwords, authentication tokens and other sensitive information, including emails,” Ukraine’s security service, the SBU, said in a statement.

“This way, they acted as ‘intermediaries’ in the online space to collect passwords, authentication tokens and other sensitive information, including emails, which under normal circumstances are protected by SSL [Secure Sockets Layer] and TLS [Transport Layer Security] cryptographic protocols,” SBU said.

The GRU operatives, who have been using this technique since at least 2024, planned to use the information to “carry out cyberattacks, information sabotage and the collection of intelligence,” SBU said.

The FBI said the GRU has “indiscriminately compromised a wide pool of U.S. and global victims and then filtered down impacted users, especially targeting information related to military, government and critical infrastructure.”

In Romania, which participated in the investigation, President Nicușor Dan said the GRU operatives “were collecting military, governmental, and critical infrastructure-related information.”

“Russia therefore continues its hybrid war against Western countries — only those acting in bad faith could fail to see this,” Dan said in a post on X.

The FBI also urged “all network defenders and owners of small office/home office (SOHO) routers to update to the latest firmware versions, change default usernames and passwords, disable remote management interfaces from the internet, and stay alert for certificate warnings in web browsers and email clients.”
