Since 2022, a hacker group funded by the Russian government has been conducting extensive cyberattacks against technology and logistics firms involved in delivering international aid to Ukraine. At least 13 NATO member countries and Ukraine have been targeted.
Source: analytical report from CISA, the U.S. Department of Homeland Security.
Details: According to the report, since late February 2022, a unit of the Russian GRU, the 85th Special Services Center (military unit 26165), known in the cybersecurity community as Fancy Bear, APT28, Forest Blizzard, or BlueDelta, has significantly ramped up cyber operations against Western infrastructure.
The main targets of the campaign have been logistics companies, IT firms, and transportation infrastructure that facilitate the coordination, transportation, and delivery of foreign aid to Ukraine.
According to the report: "Attackers targeted companies associated with the following sectors in NATO member countries, Ukraine, and international organizations:
- Defense industry
- Transport and transport hubs (ports, airports, etc.)
- Maritime sector
- Air traffic management
- IT services"
Details: There has also been reconnaissance on at least one company that manufactures components for industrial control systems (ICS), particularly for rail control.
One of the priority targets for Russian hackers has been transport manifests, including information about train, aircraft, and container numbers that clearly indicate what is heading to Ukraine and when.
The report states that thousands of IP cameras at border crossings and railway hubs have been compromised, allowing Russian intelligence to monitor humanitarian aid convoys in real time.
Cyberattacks have affected at least 13 countries, including the Czech Republic, Germany, Poland, Romania, Ukraine, and the United States.