
- A Russian intelligence malicious cyber campaign targeting organisations, including those involved in delivery of foreign assistance to Ukraine, has been revealed.
- GRU Unit 26165’s malicious activity includes credential guessing, spear-phishing and exploiting Microsoft Exchange mailbox permissions, as well as targeting internet-connected cameras at Ukrainian border crossings and near military installations.
- UK organisations urged by GCHQ’s National Cyber Security Centre to familiarise themselves with the threat and take immediate action to protect themselves.
- It comes as the UK continues to ramp up pressure on Putin as Russia continues its invasion of Ukraine.

The UK government and international allies have today exposed Russia’s military intelligence service for a campaign of malicious cyber activity against western logistics entities and technology companies.
In a new advisory, the UK’s National Cyber Security Centre – a part of GCHQ – and partners from ten countries have revealed details about how military unit 26165 of Russia’s GRU has conducted a malicious cyber campaign against both public and private organisations since 2022.
This has included targeting of organisations involved in the co-ordination, transport and delivery of support to Ukraine, and across the defence, IT services, maritime, airports, ports and air traffic management systems sectors in multiple NATO members.
Unit 26165 – also known as APT 28 – was able to gain initial access to victim networks using a mix of previously disclosed techniques, including credential guessing, spear-phishing and exploitation of Microsoft Exchange mailbox permissions. They also targeted internet-connected cameras at Ukrainian border crossings and near military installations to monitor and track aid shipments to Ukraine.
The UK’s support for Ukraine remains steadfast as Ukraine continues to suffer Russia’s barbaric war. In total, the UK has committed £13 billion in military aid, and this week 100 new sanctions on Russia were announced, targeting entities supporting its military, energy, and financial institutions. This followed Russia launching its biggest drone attack of the war last weekend.
Supporting UK organisations to stay resilient to cyber threats is helping to secure the foundations for the government’s Plan for Change in a more volatile and unstable world. Along with details of the threat, the advisory includes mitigation advice to help defend against the malicious activity.