The UK has exposed a “malicious cyber campaign” by a Russian military unit targeting organisations involved in delivering foreign assistance to Ukraine. The National Cyber Security Centre (NCSC) collaborated with US, German and French allies on the investigation, revealing that hackers had accessed over 10,000 internet-connected cameras near Ukrainian borders since 2022. These cameras monitored aid shipments entering the country. The group, known as Fancy Bear or GRU Unit 26165, used hacking techniques such as guessing passwords, spearphishing emails, and exploiting vulnerabilities in Microsoft Outlook to gain access.
The targets of the campaign included organisations involved in defence, IT services, logistics support, and critical infrastructure like ports, airports, and air traffic management. The hackers aimed to disrupt aid shipments and track movement of materials into Ukraine. Security experts warn that anyone involved in moving goods into Ukraine should be aware they are targeted by Russian military intelligence.
The report highlights the use of legitimate municipal services, such as traffic cameras, by the hackers. It also notes that these tactics have been used by Fancy Bear for over a decade and could lead to more serious actions. Cyber security firms Dragos and Sophos Counter Threat Unit have confirmed tracking hacking activity linked to the NCSC’s report.
Source: https://www.bbc.com/news/articles/c17rrjdr79po