The UK's National Cyber Security Centre, in collaboration with allies, has revealed a malicious cyber campaign by Russian military unit GRU Unit 26165, also known as Fancy Bear. This operation has targeted various organizations involved in providing assistance to Ukraine, employing sophisticated hacking methods to access thousands of surveillance cameras and disrupt support efforts.
UK's Cybersecurity Agency Unveils Russian Hacking Campaign Aimed at Ukraine Support

A joint investigation reveals a Russian military cyber operation targeting organizations supporting Ukraine, exposing vulnerabilities and threats from hacking techniques.
The UK's National Cyber Security Centre (NCSC) has revealed a "malicious cyber campaign" orchestrated by a Russian military unit, targeting multiple organizations that provide support to Ukraine. This investigation, conducted in collaboration with allies including the United States, Germany, and France, highlights the ongoing threat posed by cyber operations initiated by Russian intelligence since 2022.
According to the report, various entities across the public and private sectors, including defense, IT services, and logistics, have been under siege. The cyber attacks were executed by GRU Unit 26165, commonly referred to as Fancy Bear. This notorious hacking group, known for prior intrusions including the hacking of the World Anti-Doping Agency and the 2016 breach of the US Democratic National Committee, has employed an array of sophisticated hacking maneuvers to infiltrate targeted networks.
Notably, these hackers accessed approximately 10,000 internet-connected cameras at strategic locations, including military installations and rail stations, to monitor the flow of aid to Ukraine. In addition to this intrusive surveillance, the report indicates that Russian cyber actors exploited legitimate municipal services, using traffic cameras for espionage.
Paul Chichester, NCSC Director of Operations, expressed grave concerns about the security risks posed to organizations delivering assistance to Ukraine, urging them to adopt preventive measures against potential cyber threats. John Hultquist, chief analyst at Google Threat Intelligence Group, warned that any organization involved in logistical support to Ukraine is at risk from Russian military intelligence and suggested that these incursions might herald more severe actions to come.
The advisory issued by the NCSC said that the Fancy Bear group aimed to compromise critical infrastructure such as ports, airports, and air traffic management systems across Europe and the US. The hackers reportedly used various techniques to breach systems, including password guessing and spearphishing, in which targeted emails lure individuals into revealing their login information.
Furthermore, the hackers exploited a vulnerability in Microsoft Outlook to capture credentials through specially crafted calendar invitations, a tactic that has been employed by Fancy Bear for over a decade. Cybersecurity experts, including those from Dragos, noted that the overarching intent behind these incursions is not only to glean valuable information but also potentially to facilitate disruptive attacks on essential services.
As the situation unfolds, organizations and individuals engaged in providing support to Ukraine must remain vigilant in safeguarding their systems against these ongoing cyber threats.