Eleven Western countries – the US, UK, Germany, Czech Republic, Poland, Australia, Canada, Denmark, Estonia, France and the Netherlands – have accused Russia’s notorious military intelligence group of targeting defence, transport and technology companies involved in providing aid to Ukraine, on Wednesday, the 21st of May, reports Politico and The Guardian.
Western countries issued a joint statement on Wednesday about the Russian state-sponsored campaign targeting organisations involved in “coordinating, transporting and delivering foreign aid to Ukraine”.
The countries said the Russian military intelligence Unit 26165 (GRU), known in the cybersecurity world as “Fancy Bear”, carried out the campaign for more than two years using a variety of tactics, including targeted fraudulent emails and stolen passwords.
They noted that Russian hackers involved in the campaign have attacked public organisations and private companies in the defence, transport, maritime, air traffic management and IT sectors.
Organisations in these sectors based in Bulgaria, the Czech Republic, France, Germany, Greece, Italy, Moldova, the Netherlands, Poland, Romania, Slovakia, Ukraine, the US and Germany were targeted, Wednesday’s statement said.
WESTERN COUNTRIES EXPLICITLY LINKED THE CYBER-ATTACKS TO THE RUSSIAN WAR IN UKRAINE, NOTING THAT THE ATTACKS INTENSIFIED AFTER FEBRUARY 2022.
Several Russian hacking groups increased their activity during this period, while Unit 26165 focused on espionage.
As Russian forces “failed to achieve their military objectives and Western countries provided assistance in support of Ukraine’s territorial defence, Unit 26165 expanded its targeting of logistical structures and technology companies involved in the delivery of aid,” they noted.
Unit 26165 also used private and urban traffic cameras at borders, military sites and railway stations to monitor materials entering Ukraine and at least one organisation dealing with rail industry control systems, Western countries said on Wednesday.
Some 10 000 cameras were allegedly hacked at “military sites and railway stations to monitor the movement of materials to Ukraine”, 80% of which were in Ukraine and 10% in Romania.
It is alleged that 4% of the cameras used were in Poland, 2.8% in Hungary and 1.7% in Slovakia. The locations of the other cameras used were not given. It is alleged that the hacking provided access to a “snapshot” of the camera images.
Other attempts were also made to collect sensitive transport information, such as train timetables and transport schedules, as alleged. “In at least one case, actors attempted to use voice phishing to gain access to privileged accounts by impersonating IT staff,” the national report said.
Unit 26165 was previously sanctioned by the EU for hacking the German Bundestag in 2015. It has also been linked to the hacking of the US Democratic National Committee in 2016 and the hacking of the email accounts of then-Chancellor Olaf Scholz’s Social Democratic Party in 2022 and 2023.
More recently, France accused it of orchestrating cyber-attacks against President Emmanuel Macron’s 2017 election campaign.