Since 2022, a state-sponsored hacker group has launched a large-scale cyber attack against logistics and technology firms involved in delivering international aid to Ukraine. At least 13 NATO countries and Ukraine have been targeted.

Source: analytical report from the Cybersecurity and Infrastructure Security Agency (CISA), U.S. Department of Homeland Security.

Details: According to the report, since late February 2022, a unit of the Russian GRU, the 85th Special Service Center (military unit 26165), also known as Fancy Bear or APT28, has significantly intensified cyber operations against Western infrastructure.

The primary targets of this campaign have been logistics companies, IT firms, and transportation infrastructure that facilitate the coordination, transportation, and delivery of foreign aid to Ukraine.

Quote: “Attackers targeted companies associated with these sectors in NATO member countries, Ukraine, and international organizations:

  • Defense industry
  • Transport and transport hubs (ports, airports, etc.)
  • Maritime sector
  • Air traffic management
  • IT services”

Details: Intelligence collection has also been documented against at least one company involved in manufacturing components for industrial control systems (ICS), particularly for railway management.

One of the main objectives for Russian hackers has been transport manifests, specifically information regarding the numbers of trains, planes, and containers that accurately indicate what is heading to Ukraine and when.

The report states that thousands of IP cameras at border crossing points and railway hubs have been compromised, allowing Russian intelligence to monitor humanitarian aid convoys in real time.

Cyber attacks have affected at least 13 countries, including the Czech Republic, Germany, Poland, Romania, Ukraine, and the United States.