NATO Allies Expose Russian Cyber Campaign Targeting Ukrainian Supporters

In a coordinated effort, the UK and its allies have uncovered a sophisticated cyber campaign orchestrated by Russia’s military intelligence service, aimed at disrupting organizations supporting Ukraine. 

The campaign, described as "malicious" by the UK’s National Cyber Security Centre (NCSC), has targeted a range of public and private entities involved in delivering aid to Ukraine since 2022, amid Russia’s ongoing invasion.

The NCSC, in collaboration with cybersecurity agencies from 10 NATO countries - including the US, Germany, France, and the Netherlands - along with Australia, has identified Russia’s GRU Unit 26165, also known as Fancy Bear or APT28, as the perpetrator.

Fancy Bear Unveiled

This unit has employed a variety of hacking techniques to infiltrate networks, focusing on organizations in defense, IT services, logistics, and critical infrastructure sectors such as ports, airports, and air traffic management. A key target was internet-connected cameras, with an estimated 10,000 devices compromised near Ukrainian border crossings, military installations, and rail stations to monitor aid shipments.

These cameras, including legitimate municipal systems like traffic cams, were exploited to track the movement of materials into Ukraine, providing Russia with intelligence on train schedules, shipping manifests, and cargo contents.

The hackers used methods such as credential guessing, spearphishing - where targeted individuals receive fake emails designed to steal login details or install malware - and exploiting vulnerabilities in systems like Microsoft Exchange. In one instance, the attackers pivoted from an initial breach to steal credentials for accounts with access to sensitive shipment information, revealing route details and cargo specifics for trains, planes, and ships headed to Ukraine.

Global Response & UK’s Commitment To Ukraine

The joint cybersecurity advisory emphasizes the serious risk posed by these attacks and urges organizations to strengthen their defenses. Paul Chichester, NCSC Director of Operations, stated, “This malicious campaign by Russia’s military intelligence service presents a serious risk to targeted organizations, including those involved in the delivery of assistance to Ukraine.”

The NCSC advisory provides mitigation advice, including adopting multi-factor authentication, enhancing network monitoring, and applying timely security updates to counter these threats.

The exposure of this campaign coincides with heightened tensions, following the UK’s announcement of £13 billion in military aid to Ukraine, alongside new sanctions targeting Russia’s military supply chains, energy exports, and financial institutions. The UK government reiterated its unwavering support for Ukraine, stating, “Supporting UK organizations to stay resilient to cyber threats is helping to secure the foundations for the government’s Plan for Change in a more volatile and unstable world.”

A Call for Vigilance

This revelation underscores the evolving nature of cyber warfare and the critical need for robust cybersecurity measures.

As Russia continues its aggressive actions, both on the battlefield and in cyberspace, NATO allies are committed to raising awareness and countering these threats to ensure the uninterrupted flow of support to Ukraine.

NCSC | BBC | Gov.UK | Cyber Security Dive | Reuters | Computing
