NATO Allies Expose Russian Cyber Campaign Targeting Ukrainian Supporters

In a coordinated effort, the UK and its allies have uncovered a sophisticated cyber campaign orchestrated by Russia’s military intelligence service, aimed at disrupting organizations supporting Ukraine. 

The campaign, described as "malicious" by the UK’s National Cyber Security Centre (NCSC), has targeted a range of public and private entities involved in delivering aid to Ukraine since 2022, amid Russia’s ongoing invasion.

The NCSC, in collaboration with cybersecurity agencies from 10 NATO countries - including the US, Germany, France, and the Netherlands - along with Australia, has identified Russia’s GRU Unit 26165, also known as Fancy Bear or APT28, as the perpetrator.

Fancy Bear Unveiled

This unit has employed a variety of hacking techniques to infiltrate networks, focusing on organizations in defense, IT services, logistics, and critical infrastructure sectors such as ports, airports, and air traffic management. A key target was internet-connected cameras, with an estimated 10,000 devices compromised near Ukrainian border crossings, military installations, and rail stations to monitor aid shipments.

These cameras, including legitimate municipal systems like traffic cams, were exploited to track the movement of materials into Ukraine, providing Russia with intelligence on train schedules, shipping manifests, and cargo contents.

The hackers used methods such as credential guessing, spearphishing - where targeted individuals receive fake emails designed to steal login details or install malware - and exploiting vulnerabilities in systems like Microsoft Exchange. In one instance, the attackers pivoted from an initial breach to steal credentials for accounts with access to sensitive shipment information, revealing route details and cargo specifics for trains, planes, and ships headed to Ukraine.

Global Response & UK’s Commitment To Ukraine

The joint cybersecurity advisory emphasizes the serious risk posed by these attacks and urges organizations to strengthen their defenses. Paul Chichester, NCSC Director of Operations, stated, “This malicious campaign by Russia’s military intelligence service presents a serious risk to targeted organizations, including those involved in the delivery of assistance to Ukraine.”

The NCSC advisory provides mitigation advice, including adopting multi-factor authentication, enhancing network monitoring, and applying timely security updates to counter these threats.

The exposure of this campaign coincides with heightened tensions, following the UK’s announcement of £13 billion in military aid to Ukraine, alongside new sanctions targeting Russia’s military supply chains, energy exports, and financial institutions. The UK government reiterated its unwavering support for Ukraine, stating, “Supporting UK organizations to stay resilient to cyber threats is helping to secure the foundations for the government’s Plan for Change in a more volatile and unstable world.”

A Call for Vigilance

This revelation underscores the evolving nature of cyber warfare and the critical need for robust cybersecurity measures.

As Russia continues its aggressive actions, both on the battlefield and in cyberspace, NATO allies are committed to raising awareness and countering these threats to ensure the uninterrupted flow of support to Ukraine.

NCSC | BBC | Gov.UK | Cyber Security Dive | Reuters | Computing

Image: Ideogram
