NATO Allies Expose Russian Cyber Campaign Targeting Ukrainian Supporters
In a coordinated effort, the UK and its allies have uncovered a sophisticated cyber campaign orchestrated by Russia’s military intelligence service, aimed at disrupting organizations supporting Ukraine.
The campaign, described as "malicious" by the UK’s National Cyber Security Centre (NCSC), has targeted a range of public and private entities involved in delivering aid to Ukraine since 2022, amid Russia’s ongoing invasion.
The NCSC, in collaboration with cybersecurity agencies from 10 NATO countries, including the US, Germany, France, and the Netherlands, along with Australia, has identified Russia’s GRU Unit 26165, also known as Fancy Bear or APT28, as the perpetrator.
Fancy Bear Unveiled
This unit has employed a variety of hacking techniques to infiltrate networks, focusing on organizations in defense, IT services, logistics, and critical infrastructure sectors such as ports, airports, and air traffic management. A key target was internet-connected cameras, with an estimated 10,000 devices compromised near Ukrainian border crossings, military installations, and rail stations to monitor aid shipments.
These cameras, including legitimate municipal systems like traffic cams, were exploited to track the movement of materials into Ukraine, providing Russia with intelligence on train schedules, shipping manifests, and cargo contents.
The hackers used methods such as credential guessing, spearphishing (where targeted individuals receive fake emails designed to steal login details or install malware), and exploitation of vulnerabilities in systems like Microsoft Exchange. In one instance, the attackers pivoted from an initial breach to steal credentials for accounts with access to sensitive shipment information, revealing route details and cargo specifics for trains, planes, and ships headed to Ukraine.
Global Response & UK’s Commitment To Ukraine
The joint cybersecurity advisory emphasizes the serious risk posed by these attacks and urges organizations to strengthen their defenses. Paul Chichester, NCSC Director of Operations, stated, “This malicious campaign by Russia’s military intelligence service presents a serious risk to targeted organizations, including those involved in the delivery of assistance to Ukraine.”
The NCSC advisory provides mitigation advice, including adopting multi-factor authentication, enhancing network monitoring, and applying timely security updates to counter these threats.
The exposure of this campaign coincides with heightened tensions, following the UK’s announcement of £13 billion in military aid to Ukraine, alongside new sanctions targeting Russia’s military supply chains, energy exports, and financial institutions. The UK government reiterated its unwavering support for Ukraine, stating, “Supporting UK organizations to stay resilient to cyber threats is helping to secure the foundations for the government’s Plan for Change in a more volatile and unstable world.”
A Call for Vigilance
This revelation underscores the evolving nature of cyber warfare and the critical need for robust cybersecurity measures.
As Russia continues its aggressive actions, both on the battlefield and in cyberspace, NATO allies are committed to raising awareness and countering these threats to ensure the uninterrupted flow of support to Ukraine.
NCSC | BBC | Gov.UK | Cyber Security Dive | Reuters | Computing