A Russian state-sponsored hacker group has been conducting a large-scale cyberattack against logistics and technology companies involved in delivering international assistance to Ukraine since 2022. At least 13 NATO member countries and Ukraine have been targeted.

Source: analytical report from the Cybersecurity and Infrastructure Security Agency (CISA) of the US Department of Homeland Security

Details: The report says that a unit of the Main Directorate of the General Staff of the Armed Forces of the Russian Federation – the 85th Main Special Service Centre (military unit 26165), also known in the cybersecurity community under names such as Fancy Bear, APT28, Forest Blizzard or BlueDelta – has significantly increased cyber operations against Western infrastructure since late February 2022.

The main targets of the campaign have been logistics companies, IT businesses and transport infrastructure that coordinate, transport and deliver foreign assistance to Ukraine.

Quote: "These actors have targeted entities associated with the following verticals within NATO member states, Ukraine, and at international organisations:

Defence industry

Transport and transport hubs (ports, airports, etc.)

Maritime

Air traffic management

IT services"

Details: Reconnaissance was also recorded against at least one business involved in manufacturing components for industrial control systems (ICS), specifically for railway management.

One of the priority targets for Russian hackers has been transport waybills, including information on train, aircraft and container numbers that clearly show exactly what is heading to Ukraine and when.

The report stated that thousands of IP cameras at border checkpoints and railway hubs had been compromised, giving Russian intelligence the ability to monitor humanitarian assistance convoys in real time.

The cyberattacks have affected at least 13 countries, including Czechia, Germany, Poland, Romania, Ukraine and the United States.

