UK and allies expose Russian cyber campaign targeting Ukraine support operations

Defence firms, IT service providers, maritime firms in NATO member states targeted

Cybersecurity agencies in the UK, Europe, Canada and the US have issued advisory notices warning that Russian military intelligence is orchestrating a sustained cyber campaign against public and private sector organisations which facilitate aid to Ukraine.

The United Kingdom and allies from ten other nations have publicly exposed a sustained campaign of malicious cyber activity by Russia targeting logistics and technology firms assisting Ukraine.

The National Cyber Security Centre (NCSC) issued an advisory (pdf) on Wednesday in partnership with cyber agencies from the United States, Germany, Czech Republic, Poland, Australia, Canada, Denmark, Estonia, France, and the Netherlands.

The advisory warns of an ongoing cyber threat posed by Russia's military intelligence service, specifically the notorious GRU Unit 26165, also known in cybersecurity circles as APT28 or Fancy Bear.

According to the NCSC, the cyber-attacks, ongoing since 2022, have targeted both public and private sector organisations engaged in facilitating international aid to Ukraine.

Victims have included defence companies, IT service providers, maritime firms, and companies managing airport and air traffic control systems in NATO member states.

The cyber campaign appears to have been carefully orchestrated to disrupt the coordination, transport, and delivery of foreign assistance to Ukraine.

The attackers also reportedly attempted to compromise internet-connected surveillance cameras near Ukrainian border crossings and military bases, likely in an effort to track aid shipments and troop movements.

Paul Chichester, Director of Operations at the NCSC, described the activity as a serious risk to targeted organisations and urged immediate vigilance.

"This malicious campaign by Russia's military intelligence service presents a serious risk to targeted organisations, including those involved in the delivery of assistance to Ukraine," Chichester said.

"The UK and partners are committed to raising awareness of the tactics being deployed. We strongly encourage organisations to familiarise themselves with the threat and mitigation advice included in the advisory to help defend their networks."

The advisory outlines several key tactics used by GRU operatives, including spear-phishing and brute-force password attacks, where login credentials are guessed to gain unauthorized access.

APT28 has long been known for its sophisticated cyber operations and was previously linked to numerous high-profile intrusions, including attacks on the US Democratic National Committee in 2016.

Last year, the Federal Bureau of Investigation (FBI) issued a warning regarding the use of compromised Ubiquiti EdgeRouters by APT28, unveiling a sophisticated network of cyber warfare aimed at governments and organisations globally.

The FBI said Russian hackers weaponised compromised EdgeRouters to orchestrate a series of cyberattacks, encompassing the theft of sensitive information, hosting spear-phishing landing pages, and deploying custom tools.

Following the latest NCSC advisory, executives and cybersecurity teams at logistics and technology companies are being urged to enhance digital defences immediately.

Recommended actions include intensified network monitoring, prompt application of security updates, and the adoption of strong multi-factor authentication methods, such as passkeys.
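The brute-force password guessing named in the advisory and the "intensified network monitoring" it recommends meet in the authentication log: a burst of failures from one source, followed by a password success from that same source, is the signature of a guessed credential. The following added example (not code from the NCSC advisory or any of the agencies involved) shows that detection over a few constructed OpenSSH-style log lines; the hostnames, addresses and account names are invented for illustration.

```python
"""Detect password-guessing (brute-force) patterns in authentication logs.

Added example, not from the NCSC advisory. The log lines below are
constructed in OpenSSH sshd format; the hosts, IPs and users are invented.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: one source guesses several accounts and then lands a
# password login; a second source has a single failure (normal user typo);
# a third logs in with a key and never fails.
SAMPLE_LOG = """\
May 21 09:00:01 gw sshd[2001]: Failed password for invalid user admin from 203.0.113.7 port 51001 ssh2
May 21 09:00:03 gw sshd[2002]: Failed password for root from 203.0.113.7 port 51002 ssh2
May 21 09:00:05 gw sshd[2003]: Failed password for invalid user test from 203.0.113.7 port 51003 ssh2
May 21 09:00:07 gw sshd[2004]: Failed password for logistics from 203.0.113.7 port 51004 ssh2
May 21 09:00:09 gw sshd[2005]: Failed password for logistics from 203.0.113.7 port 51005 ssh2
May 21 09:00:12 gw sshd[2006]: Accepted password for logistics from 203.0.113.7 port 51006 ssh2
May 21 09:01:00 gw sshd[2007]: Failed password for alice from 198.51.100.9 port 40001 ssh2
May 21 09:01:30 gw sshd[2008]: Accepted password for alice from 198.51.100.9 port 40002 ssh2
May 21 09:20:00 gw sshd[2009]: Accepted publickey for bob from 192.0.2.44 port 30001 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_line(line, year=2025):
    """Parse one sshd auth line into a dict, or None if it is not an auth event.
    syslog timestamps carry no year, so one is supplied (assumed 2025 here)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "method": m["method"],
            "user": m["user"], "ip": m["ip"]}


def detect_password_guessing(log_text, window=timedelta(minutes=5), threshold=4):
    """Flag source IPs with >= `threshold` failed password logins inside any
    `window`, and report which accounts they tried and which, if any, they
    subsequently logged into by password within the same window."""
    events = [e for e in (parse_line(l) for l in log_text.splitlines()) if e]
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)

    findings = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        failures = [e for e in evs if e["result"] == "Failed"]
        # Sliding window over the failures: peak count within `window`.
        peak, start = 0, 0
        for end in range(len(failures)):
            while failures[end]["ts"] - failures[start]["ts"] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak < threshold:
            continue
        # A password success from the same source shortly after the burst
        # means a credential was guessed, not merely attempted.
        guessed = {
            e["user"] for e in evs
            if e["result"] == "Accepted" and e["method"] == "password"
            and any(f["ts"] <= e["ts"] <= f["ts"] + window for f in failures)
        }
        findings[ip] = {
            "failures_in_window": peak,
            "users_tried": sorted({e["user"] for e in failures}),
            "guessed_accounts": sorted(guessed),
        }
    return findings


if __name__ == "__main__":
    for ip, info in detect_password_guessing(SAMPLE_LOG).items():
        print(ip, info)
```

Run stand-alone, the script reports the single guessing source, the four accounts it tried and the one it got into; the lone failure from the second address stays below the threshold, which is what keeps a rule like this from paging on ordinary typos. A `guessed_accounts` hit is the case that turns a monitoring alert into an incident, and it is also the payoff that the advisory's other recommendation, phishing-resistant multi-factor authentication such as passkeys, removes: a guessed password alone no longer yields a session.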

The cyber threat warning comes at a time when the UK has announced a major new round of sanctions against Russia.

The package of 100 new measures targets Russia's military supply chains, energy exports, and disinformation infrastructure.

The sanctions specifically aim to disrupt the production and deployment of Iskander missiles, which have been used against civilian areas in Ukraine.

The Foreign, Commonwealth and Development Office described the sanctions as part of efforts to "ramp up pressure" on Russian President Vladimir Putin's regime.