UK and allies expose Russian cyber campaign targeting western logistics and tech entities
In a new advisory, the UK's National Cyber Security Centre (NCSC) – a part of GCHQ – and partners from 10 countries have revealed details about how military unit 26165 of Russia’s GRU has conducted a malicious cyber campaign against both public and private organisations since 2022.
This has included targeting of organisations involved in the coordination, transport and delivery of support to Ukraine and across the defence, IT services, maritime, airports, ports and air traffic management systems sectors in multiple NATO members.
Unit 26165 – also known as APT 28 – was able to gain initial access to victim networks using a mix of previously disclosed techniques, including credential guessing, spear-phishing and exploitation of Microsoft Exchange mailbox permissions. They also targeted internet-connected cameras at Ukrainian border crossings and near military installations to monitor and track aid shipments to Ukraine.
The UK’s support for Ukraine remains steadfast as it continues to suffer Russia’s barbaric war. In total, the UK has committed £13 billion in military aid, and this week 100 new sanctions on Russia were announced, targeting entities supporting its military, energy and financial institutions. This followed Russia launching its biggest drone attack of the war last weekend.
Supporting UK organisations to stay resilient to cyber threats is helping to secure the foundations for the government’s Plan for Change in a more volatile and unstable world. Along with details of the threat, the advisory includes mitigation advice to help defend against the malicious activity.
Paul Chichester, NCSC Director of Operations, said: "This malicious campaign by Russia’s military intelligence service presents a serious risk to targeted organisations, including those involved in the delivery of assistance to Ukraine.
"The UK and partners are committed to raising awareness of the tactics being deployed.
"We strongly encourage organisations to familiarise themselves with the threat and mitigation advice included in the advisory to help defend their networks."
Executives and network defenders at technology and logistics companies should recognise the elevated threat of targeting and take immediate action to protect themselves.
Actions include increasing monitoring, using multi-factor authentication with strong factors – such as passkeys – and ensuring security updates are applied promptly to manage vulnerabilities.
The NCSC has co-sealed this advisory alongside agencies from the United States, Germany, Czech Republic, Poland, Australia, Canada, Denmark, Estonia, France and the Netherlands.