WASHINGTON — The US Justice Department claimed on Tuesday that it dismantled a global DNS hijacking network controlled by a Russian military intelligence unit in a court-authorized disruption. The network was operated by Russia’s Main Intelligence Directorate of the General Staff (GRU) Military Unit 26165, the Justice Department said in a statement. The GRU used compromised routers worldwide to conduct espionage. Targets included individuals in military, government, and critical infrastructure sectors. This disruption aimed to neutralize a significant cyber threat. Since at least 2024, GRU actors have exploited known vulnerabilities to steal credentials for thousands of TP-Link routers worldwide. The actors then accessed many of these compromised routers without authorization and manipulated their settings to redirect DNS requests to GRU-controlled servers. “Given the scale of this threat, sounding the alarm wasn’t enough,” said Brett Leatherman, the assistant director of the FBI’s Cyber Division. — AgenciesWASHINGTON — The US Justice Department claimed on Tuesday that it dismantled a global DNS hijacking network controlled by a Russian military intelligence unit in a court-authorized disruption. The network was operated by Russia’s Main Intelligence Directorate of the General Staff (GRU) Military Unit 26165, the Justice Department said in a statement. The GRU used compromised routers worldwide to conduct espionage. Targets included individuals in military, government, and critical infrastructure sectors. This disruption aimed to neutralize a significant cyber threat. Since at least 2024, GRU actors have exploited known vulnerabilities to steal credentials for thousands of TP-Link routers worldwide. The actors then accessed many of these compromised routers without authorization and manipulated their settings to redirect DNS requests to GRU-controlled servers. “Given the scale of this threat, sounding the alarm wasn’t enough,” said Brett Leatherman, the assistant director of the FBI’s Cyber Division. — Agencies
