London, UK – The United Kingdom, in collaboration with key allies including the US, Germany, and France, has unveiled a sophisticated "malicious cyber campaign" orchestrated by a Russian military intelligence unit, specifically targeting organizations involved in providing assistance to Ukraine.
According to a joint investigation by the UK’s National Cyber Security Centre (NCSC), a Russian military unit, known informally as "Fancy Bear" (GRU Unit 26165), has been actively targeting both public and private entities since 2022. The affected organizations span critical sectors such as defence, IT services, and logistics support, all playing a role in supporting Ukraine.
The multi-national security bodies of ten NATO countries and Australia confirmed that Russian spies employed a variety of hacking techniques to infiltrate networks. Notably, the campaign included accessing internet-connected cameras at Ukrainian borders, which were used to monitor aid shipments entering the country. The report estimates that approximately 10,000 cameras near "military installations and rail stations" were compromised to track the movement of materials into Ukraine. The report also highlighted the use of "legitimate municipal services, such as traffic cams," for espionage.
Paul Chichester, NCSC Director of Operations, issued a strong warning: "This malicious campaign by Russia's military intelligence service presents a serious risk to targeted organisations, including those involved in the delivery of assistance to Ukraine." He urged organizations to review threat and mitigation advice to bolster their network defenses.
John Hultquist, chief analyst at Google Threat Intelligence Group, underscored the threat, stating that anyone involved in moving goods into Ukraine "should consider themselves targeted" by Russian military intelligence. He further cautioned that these incidents could be "precursors to other serious actions," aiming not only to identify but potentially disrupt support through both physical and cyber means.
The joint cyber-security advisory revealed that Fancy Bear had also targeted organizations linked to critical infrastructure, including ports, airports, air traffic management, and the defence industry, across 12 mainland European countries and the US.
The hackers utilized various techniques to gain access, including common methods like password guessing and more sophisticated tactics like spearphishing. Spearphishing involves sending fake emails designed to trick specific individuals with system access into revealing their login details or clicking malicious links. The report noted that the subjects of these emails were "diverse and ranged from professional topics to adult themes." Additionally, a vulnerability in Microsoft Outlook was exploited to collect credentials via "specially crafted Outlook calendar appointment invitations."
Rafe Pilling, director of threat intelligence at Sophos Counter Threat Unit, remarked that these types of techniques have been "a staple tactic of this group for over a decade." He added that access to cameras would "assist in the understanding of what goods were being transported, when, in what volumes and support kinetic [weapons] targeting."
Fancy Bear is a notorious hacking team with a history of significant cyber breaches, including the leak of World Anti-Doping Agency data and a key role in the 2016 cyber-attack on the US Democratic National Committee.