Russian military hackers target Western aid supply chains to Ukraine, US security agency report says

The hacking effort, attributed to the group Fancy Bear, used tactics such as spearphishing and exploiting weak security in small office networks.

Hackers linked to Russian military intelligence have targeted Western logistics and technology firms involved in transporting aid to Ukraine, the US National Security Agency (NSA) said.The cyber operation, attributed to the notorious Russian military intelligence agency GRU unit 26165, better known as Fancy Bear, sought to gather information on the types and timing of assistance entering Ukraine. According to the NSA's report published late Wednesday, the campaign aimed to breach companies in the defence, transport and logistics sectors across multiple Western countries, including the US. It also targeted ports, airports and railway infrastructure.As part of the operation, hackers attempted to access footage from more than 10,000 internet-connected cameras — both private and public — situated near strategic transit points such as border crossings, ports and rail hubs. While the majority of these cameras were located in Ukraine, others were based in neighbouring countries including Poland, Romania and elsewhere in eastern and central Europe.The cyber attacks reportedly began in 2022, when Russia launched its full-scale invasion of Ukraine. Authorities have not disclosed how successful the hackers were or how long they remained undetected.The NSA, along with the FBI and cybersecurity agencies from allied nations, warned that Russia is likely to continue its surveillance efforts and advised companies involved in support delivery to remain vigilant.“To defend against and mitigate these threats, at-risk entities should anticipate targeting,” the NSA said in the advisory.The hackers employed spearphishing tactics — sending deceptive, official-looking messages designed to extract sensitive information or install malware — as well as exploiting vulnerabilities in remote access devices typically used in small or home office networks, which often lack enterprise-level protection.Grant Geyer, chief strategy officer at cybersecurity firm Claroty, said the hackers’ methods were not especially sophisticated but were methodically executed. “They have done detailed targeting across the entire supply chain to understand what equipment is moving, when and how — whether it’s by aircraft, ship or rail,” he noted.Geyer warned that the intelligence gathered could help Russia refine its military strategy or potentially plan future cyber or physical disruptions to Ukraine's aid routes.In a related move last autumn, US intelligence agencies issued guidance urging US defence contractors and logistics firms to bolster their cybersecurity, following a series of suspected Russian-linked sabotage incidents in Europe.Evidence gathered by Western countries over the years has shown that FancyBear has been behind a slew of attacks on Ukraine, Georgia and NATO, as well as political enemies of the Kremlin, international journalists and others.