Russian military hackers 'Fancy Bear' target Western aid supply chains to Ukraine, NSA report says

Published connected 23/05/2025 - 11:02 GMT+2•Updated 13:11

Hackers linked to Russian subject intelligence person targeted Western logistics and exertion firms progressive successful transporting assistance to Ukraine, nan US National Security Agency (NSA) said.

The cyber operation, attributed to nan notorious Russian subject intelligence agency GRU portion 26165, amended known arsenic Fancy Bear, sought to stitchery accusation connected nan types and timing of assistance entering Ukraine. 

According to nan NSA's study published precocious Wednesday, nan run aimed to breach companies successful nan defence, carrier and logistics sectors crossed aggregate Western countries, including nan US. It besides targeted ports, airports and railway infrastructure.

As portion of nan operation, hackers attempted to entree footage from much than 10,000 internet-connected cameras — some backstage and nationalist — situated adjacent strategical transit points specified arsenic separator crossings, ports and obstruction hubs. 

While nan mostly of these cameras were located successful Ukraine, others were based successful neighbouring countries including Poland, Romania and elsewhere successful eastbound and cardinal Europe.

The cyber attacks reportedly began successful 2022, erstwhile Russia launched its full-scale penetration of Ukraine. Authorities person not disclosed really successful nan hackers were aliases really agelong they remained undetected.

The NSA, on pinch nan FBI and cybersecurity agencies from allied nations, warned that Russia is apt to proceed its surveillance efforts and advised companies progressive successful support transportation to stay vigilant.

“To take sides against and mitigate these threats, at-risk entities should expect targeting,” nan NSA said successful nan advisory.

The hackers employed spearphishing strategies — sending deceptive, official-looking messages designed to extract delicate accusation aliases instal malware — arsenic good arsenic exploiting vulnerabilities successful distant entree devices typically utilized successful mini aliases location agency networks, which often deficiency enterprise-level protection.

Grant Geyer, main strategy serviceman astatine cybersecurity patient Claroty, said nan hackers’ methods were not particularly blase but were methodically executed. 

“They person done elaborate targeting crossed nan full proviso concatenation to understand what instrumentality is moving, erstwhile and really — whether it’s by aircraft, vessel aliases rail,” he noted.

Geyer warned that nan intelligence gathered could thief Russia refine its subject strategy aliases perchance scheme early cyber aliases beingness disruptions to Ukraine's assistance routes.

In a related move past autumn, US intelligence agencies issued guidance urging US defence contractors and logistics firms to bolster their cybersecurity, pursuing a bid of suspected Russian-linked sabotage incidents successful Europe.

Evidence gathered by Western countries complete nan years has shown that Fancy Bear has been down a slew of attacks connected Ukraine, Georgia and NATO, arsenic good arsenic governmental enemies of nan Kremlin, world journalists and others.