US disrupts Russian military-run DNS hijacking network, Justice Department says

The U.S. Justice Department said on Tuesday it carried out a court-authorized disruption of a DNS hijacking network controlled by a Russian military intelligence unit.



The network was operated by Russia's Main Intelligence Directorate of the General Staff (GRU) Military Unit 26165, the department said in a statement.



It added the GRU used routers to facilitate hijacking operations against worldwide targets, including individuals in military, government and critical infrastructure sectors.



The efforts targeted thousands of routers worldwide and enabled the Russian hackers to filter traffic to identify specific targets, according to the Justice Department.



Once targets were identified, targets' unencrypted network traffic was captured, providing the hackers with passwords, authentication tokens, emails and other sensitive information, it added.



"GRU actors compromised routers in the U.S. and around the world, hijacking them to conduct espionage. Given the scale of this threat, sounding the alarm wasn't enough," said Brett Leatherman, the assistant director of the FBI's Cyber Division.



The FBI identified compromised routers in the U.S., collected evidence of Russian targeting, cut off GRU access, and reset them to normal functionality, the Justice Department said in its statement.