The UK government and its allies have uncovered a campaign of malicious cyber activity targeting Western logistics and technology companies helping Ukraine, with Russian intelligence behind it.

This is stated on the website of the UKʼs National Cyber Security Center.

According to the center, the cyber campaign has been conducted by military unit 26165 of the Russian GRU since 2022. In particular, it involves attacks on organizations involved in coordination, transportation, and support to Ukraine, as well as on structures in the fields of defense, IT services, maritime transportation, airports, ports, and air traffic control systems in several NATO member states.

Hackers from Unit 26165 — also known as APT28 or Fancy Bear — were able to gain initial access to victimsʼ networks using a combination of previously known methods, including credential harvesting, spear phishing, and exploiting Microsoft Exchange mailbox permissions.

They also targeted internet-connected cameras at Ukrainian border crossings and near military installations to monitor aid deliveries to Ukraine.

The Russian hacking group APT28 has been operating around the world since at least 2004. In April, France accused them of cyberattacks — including during Macronʼs presidential campaign.

