The Romanian Intelligence Service (SRI), through the National Cyberint Center, took part alongside the international intelligence community in Operation Masquerade, which dismantled an attack infrastructure made up of routers used by the Russian cyber actor APT28/Fancy Bear, attributed to the GRU.
The SRI said on Wednesday that through this network the cyber actor collected passwords, authentication tokens and sensitive data, including emails and online search history, information normally protected by SSL (secure socket layer) and TLS (transport layer security) protocols.
According to the Service, the GRU compromised a wide range of entities worldwide, including in Romania, targeting in particular critical infrastructure and information from the military and government sectors.
SRI stressed that the group's modus operandi highlights the need for users of SOHO (small-office/home-office) devices to adopt protective measures such as replacing end-of-life equipment, updating firmware, verifying the authenticity of connections made by network devices, and reviewing firewall rules to limit unauthorized remote access.
The operation disrupted ongoing APT28 cyber activities involving the exploitation of router-type equipment and significantly limits the actor's ability to conduct future attacks using this infrastructure, the Service added.
President Nicusor Dan also said on Wednesday that the FBI, together with several international partners, including SRI, announced the dismantling of a massive cyberespionage network targeting sensitive infrastructure in several Western states.
"Cyber actors associated with the Russian military intelligence service GRU were collecting military, governmental and critical-infrastructure information. Russia is therefore continuing its hybrid war against Western countries, and only those acting in bad faith fail to see this. Romania must strengthen its cybersecurity and continue cooperating with Western partners," the president wrote on Facebook.
Comentează