Russian hackers target aid logistics for Ukraine
- Russian military intelligence has targeted organizations providing assistance to Ukraine since 2022.
- A significant number of internet-connected cameras were infiltrated to monitor aid deliveries.
- This cyber espionage poses a serious risk to the effectiveness of international aid efforts.
In 2022, during its ongoing conflict with Ukraine, Russian military intelligence, specifically GRU Unit 26165, engaged in a cyber campaign aimed at Western technology and logistics firms involved in support to Ukraine. This operation was unveiled through a joint investigation conducted by the UK, US, Germany, and France, revealing attempts to infiltrate networks of organizations responsible for defense and logistics. The hacking efforts included methodologies such as password guessing and spearphishing, targeting individuals with access to sensitive systems, as well as exploiting security vulnerabilities in widely used software. The UK’s National Cyber Security Centre (NCSC) highlighted that Russian hackers managed to access approximately 10,000 internet-connected cameras near Ukrainian border crossings. These cameras were used to monitor aid shipments entering Ukraine, enabling attackers to observe the types and volumes of aid provided. By infiltrating such systems, the hackers aimed to gather detailed intelligence on the logistics of military and humanitarian assistance being transported into the nation, further complicating the efforts of Ukraine’s allies to support the country amid its conflict with Russia. The cyber campaign has been impeding not only logistics support but potentially influencing the strategic positioning of military resources by providing insights into the supply chain. Experts noted that such information could greatly aid Russian forces in refining their operations, thus escalating the ongoing conflict. The NCSC emphasized the significant risk posed by these cyber espionage activities, advocating for organizations involved in assistance programs to adopt countermeasures to protect their sensitive data and operational integrity. As a result of these findings, security agencies from ten NATO countries, alongside Australia, have been prompted to issue advisories aimed at raising awareness among potential targets in both public and private sectors. The operations conducted by the GRU have employed traditional techniques through spearphishing emails and exploiting known vulnerabilities in computer systems. The predictable nature and lack of innovation in their methods signal a consistent approach that has been used by Russian cyber units for over a decade, giving credence to the idea that Russian interference in Western operations might continue to manifest in various forms, not limited to direct cyber intrusions.