The United Kingdom, together with close allies, has laid bare a sustained cyber campaign by the Russian GRU targeting government organizations, political groups and others critical to the running of Ukraine and the protection of the democratic process.
The UK’s National Cyber Security Centre (NCSC) revealed today that proof exists of ongoing malicious cyber activity against various organizations since at least 2022 by this Russian military intelligence unit, also known as GRU Unit 26165 or “Fancy Bear.”
The main targets for this wide-ranging campaign have been organizations taking part in the co-ordination, shipment and delivery of international assistance to Ukraine.
These include a diverse set of companies, among them defence contractors, IT services firms and logistics companies based in NATO members and in Ukraine itself.
The attackers used multiple advanced techniques to break into those networks, including spear phishing, brute-force password guessing, and the exploitation of flaws in common software programs such as Microsoft Outlook.
Of particular concern was the hijacking of some 10,000 internet-connected surveillance cameras near Ukrainian border checkpoints, military installations and train stations.
This would have enabled the Russian operatives to potentially surveil the movement of critical supplies and track troop movements into Ukraine.
The GRU unit is also said to have used legitimate municipal services, such as city traffic cameras, to conduct reconnaissance.
In addition to the focus on Ukraine-related aid, the cyber campaign reached into institutions in Germany, although no further details about them were immediately shared.
That suggests a wider intelligence-gathering goal by Russia against allied countries.
Paul Chichester, director of operations at the NCSC, described the risk as serious: “This campaign is just the latest in the Russian GRU’s attempts to disrupt organizations and undermine the international order.”
He called upon organisations to equip themselves with knowledge of the tactics used and take action to mitigate the techniques outlined in the joint advisory from the UK and its allies.
The exposure of this cyber campaign comes as tensions between Ukraine and Russia continue to escalate and as the West supports Ukraine in fighting off Russian aggression.
A UK government announcement of new sanctions against Russia highlights the determination of allied countries to push back against hostile activity in the real world and online.
Cybersecurity analysts caution that such spycraft may be a prelude to more disruptive cyberstrikes down the line.
Organizations backing Ukraine and critical infrastructure throughout allied countries are now on high alert, shoring up their computer networks to prevent additional Russian cyber incursions.