The Romanian Intelligence Service (SRI), through the National Cyberint Center, participated alongside the international intelligence community in Operation Masquerade, which dismantled an attack infrastructure consisting of routers used by the Russian cyber actor APT28/FANCY BEAR, attributed to the GRU.
According to a statement released on Wednesday, the SRI notes that through this attack network, the cyber actor collected passwords, authentication tokens, and sensitive data, including emails and online search histories—information that is normally protected by SSL (Secure Sockets Layer) and TLS (Transport Layer Security) protocols.
In this way, the GRU compromised a wide range of entities globally, including in Romania, targeting in particular critical infrastructure and information in the military and government sectors.
The SRI emphasizes that the group’s modus operandi highlights the need for security measures for SOHO (small-office home-office) devices, such as replacing End-of-Life and End-of-Support devices for which manufacturers no longer issue updates, updating firmware, verifying the authenticity of connections made by network devices, and reviewing firewall rules to limit unauthorized remote access.
The operation disrupted the cyber operations currently being carried out by APT28 through the exploitation of router-type equipment and significantly limits the attacker’s ability to carry out future cyberattacks using this attack infrastructure, the cited source added.
For his part, President Nicușor Dan stated on Wednesday that the FBI, together with several international partners, including the SRI, announced the dismantling of a prolonged cyberattack on sensitive infrastructure in several Western countries.
“Cyber actors associated with the GRU, the Russian military intelligence service, were collecting military, government, and critical infrastructure-related information. Russia is thus continuing its hybrid war against Western countries, and only those acting in bad faith fail to see this. Romania must improve its cybersecurity and continue to collaborate with its Western partners,” the head of state wrote on Facebook.
Source: AGERPRES


