Hackers linked to Russian military intelligence have targeted Western logistics and technology firms involved in transporting aid to Ukraine, the US National Security Agency (NSA) said.
The cyber operation, attributed to the notorious unit 26165 of the GRU, Russia's military intelligence agency, better known as Fancy Bear, sought to gather information on the types and timing of assistance entering Ukraine.
According to the NSA’s report published late Wednesday, the campaign aimed to breach companies in the defence, transport and logistics sectors across multiple Western countries, including the US.
Grant Geyer, chief strategy officer at cybersecurity company Claroty, warned that the intelligence gathered could help Russia refine its military strategy or potentially plan future cyber or physical disruptions to Ukraine’s aid routes.
Evidence gathered by Western countries over the years has shown that Fancy Bear has been behind a slew of attacks on Ukraine, Georgia and NATO, as well as political enemies of the Kremlin, international journalists and others.
The US National Security Agency (NSA) reported that hackers associated with Russian military intelligence had targeted Western logistics and technology companies that move aid to Ukraine.
The cyber operation, attributed to the infamous unit 26165 of the GRU, Russia's military intelligence organization, popularly known as Fancy Bear, aimed to gather information on the kinds and timing of aid entering Ukraine.
In a report released late Wednesday, the NSA said the campaign targeted defense, transportation, and logistics companies in several Western nations, including the United States. Additionally, it targeted railway infrastructure, ports, and airports.
Hackers tried to view video from over 10,000 internet-connected cameras, both public and private, located close to important transit hubs like ports, border crossings, and train stations, as part of the operation.
The bulk of these cameras were situated in Ukraine, but some were also situated in Poland, Romania, and other neighboring eastern and central European nations.
The cyberattacks reportedly began with Russia’s full-scale invasion of Ukraine in 2022. The authorities have not made public how successful the hackers were or how long they went unnoticed.
The NSA, FBI, and cybersecurity agencies from allied countries cautioned that Russia is likely to keep up its surveillance and urged companies involved in delivering support to be on the lookout.
In the advisory, the NSA stated that “at-risk entities should anticipate targeting in order to defend against and mitigate these threats.”
The hackers used spearphishing, which involves sending phony, official-looking messages with the intention of extracting private data or infecting PCs with malware. They also took advantage of flaws in remote access devices commonly found in home office or small office networks, which frequently lack enterprise-level security.
The chief strategy officer at cybersecurity company Claroty, Grant Geyer, stated that the hackers’ techniques were methodical but not particularly complex.
He stated, “They have carried out thorough targeting throughout the whole supply chain to understand what equipment is moving, when, and how — whether it is by ship, rail, or aircraft.”
Geyer cautioned that the intelligence could be used to help Russia plan future physical or cyber disruptions to Ukraine’s aid routes or to improve its military strategy.
Following a string of alleged Russian-affiliated sabotage incidents in Europe, US intelligence agencies took a similar step last fall when they released guidelines advising US defense contractors and logistics companies to strengthen their cybersecurity.
Over the years, Western nations have gathered evidence that Fancy Bear has been responsible for numerous attacks against NATO, Ukraine, Georgia, political opponents of the Kremlin, international journalists, and others.