UK exposes ‘malicious’ Russian cyber campaign targeting western defence

Russian military intelligence has carried out a “malicious cyber campaign” against a raft of key western logistic and tech companies for years, an investigation by the UK Government and its allies has found.

The inquiry carried out by the UK National Cyber Security Centre (NCSC) in partnership with ten international allies, found the state-sponsored cyber operation has been live since 2022.

Organisations impacted by the cyber campaign included those involved in the delivery of support to Ukraine as well as in the transport and defence sectors, according to the NCSC report.

The unit responsible for the hack, GRU Unit 26165, is better known in the cyber community by other names such as Fancy Bear and Forest Blizzard.

Paul Chichester, NCSC director of operations, said: “This malicious campaign by Russia’s military intelligence service presents a serious risk to targeted organisations, including those involved in the delivery of assistance to Ukraine.

“The UK and partners are committed to raising awareness of the tactics being deployed.

“We strongly encourage organisations to familiarise themselves with the threat and mitigation advice included in the advisory to help defend their networks.”

The investigation revealed the cyber group was able to gain initial access to victim networks using a mix of previously disclosed techniques, including credential guessing, spear-phishing and exploitation of Microsoft Exchange mailbox permissions.

Spear-phishing is a type of phishing campaign that targets a specific person or group and often will include information known to be of interest to the targe

The report also said around 10,000 cameras were targeted, mostly those placed in Ukrainian border crossings and near military installations used to monitor and track aid shipments to Ukraine.

The NSCS warned executives and network defenders that technology and logistics firms they were under “elevated threat” and urged them to take “immediate action to protect themselves”.
The report comes after Russia launched its largest drone attack since its invasion of Ukraine in 2022.