The U.K. has observed what it describes as a prolonged, intensive cyber campaign conducted by Unit 26165 of Russian military intelligence, the GRU (also known as APT28 or “Fancy Bear”), against organizations that supplied services to Ukraine.
Meanwhile, the US, Germany, and France are among the countries accusing Pyongyang of state-sponsored hacking that has continued from 2022 until now, the U.K.'s National Cyber Security Centre (NCSC) said.
According to the report, Russian attackers have been systematically going after organizations in the public and private sector working on the logistics of coordinating, transiting, and delivering aid to Ukraine.
This includes defense and information technology services and maritime, airport, port and air traffic management companies in several NATO member states.
The cyber campaign also included efforts to compromise surveillance cameras in Ukraine near border crossings and at military installations. It is thought this was intended to watch and control the movement of military hardware and other aid coming into Ukraine. Some 10,000 cameras near sensitive links are believed to have been breached, the report says.
Furthermore, the attackers are said to have abused local city services, including traffic cameras, to aid their surveillance.
The GRU group used a range of methods in its attacks on targeted networks. These techniques include spear-phishing, in which targeted emails are sent to individuals with access to systems, luring them into giving up login information or clicking on links to malware.
Other methods of gaining unauthorized access were credential guessing and brute-force attacks. In some instances the hackers took advantage of security weaknesses in software, such as a defect in Microsoft’s Outlook program that enabled the theft of network credentials.
Paul Chichester, Director of Operations at the NCSC, said: “This widespread campaign is likely to form part of an ongoing offensive against the UK and our allies in the coming months.
“We have worked closely with our allies to ensure that appropriate measures have been put in place.
“Organisations should be alert to this threat and take steps to protect themselves.
“This is the first time that the NCSC has noted that it suspects a nation state of sending a spear phishing attack.
“There is a strong likelihood that this campaign was designed to give the attackers access to the UK’s, and our allies’, secrets.”
He spoke to ITV News regarding attributions made today by the UK, and encouraged organizations to read the list of threats and mitigations detailed in the joint advisory to prepare their defenses.
Cybersecurity experts stress that any organization playing any role in aiding Ukraine should consider itself a target. The brazen cyber espionage has been described as an intelligence-gathering effort, and also possibly a precursor to cyber or physical actions intended to disrupt the delivery of aid.
The UK and its allies have also issued a joint advisory urging organizations to monitor network traffic, immediately patch newly released server software, and use hard-to-guess passkeys and multi-factor authentication to defend themselves against these ongoing attacks.
The disclosure is the latest sign of the cyber component of the conflict in Ukraine and the continued attempts by Russia to erode international backing for the country.