The U.S. and allied governments said Wednesday that Russia’s military intelligence targeted technology and logistics companies, particularly those involved in the delivery of aid to Ukraine.
The FBI, the National Security Agency and the Cybersecurity and Infrastructure Security Agency were among the co-authoring agencies warning about hacks by Russia’s GRU “unit 26165,” also known as Fancy Bear.
“The GRU unit 26165 cyber campaign against Western logistics providers and technology companies has targeted dozens of entities, including government organizations and private/commercial entities across virtually all transportation modes: air, sea, and rail,” the agencies said in a joint cybersecurity advisory from the U.S. and officials of 10 other nations.
The Russian hackers also sought access to IP cameras for visibility into sensitive locations.
“In addition to targeting logistics entities, unit 26165 actors likely used access to private cameras at key locations, such as near border crossings, military installations, and rail stations, to track the movement of materials into Ukraine,” the advisory said. “The actors also used legitimate municipal services, such as traffic cams.”
The overwhelming majority, 81%, of targeted IP cameras appeared to be in Ukraine, according to a sample of targeted cameras. The next most targeted locations included Romania, Poland, Hungary and Slovakia.
The full list of the hackers’ suspected targets is broad, including airports and other transportation hubs, air traffic management, the defense industry, the IT services industry and more. The advisory identified the U.S. as among the countries targeted by the hackers.
“Executives and network defenders at logistics entities and technology companies should recognize the elevated threat of unit 26165 targeting, increase monitoring and threat hunting for known TTPs and indicators of compromise (IOCs), and posture network defenses with a presumption of targeting,” the advisory said.
The full list of the advisory’s co-authors included government agencies from the U.S., the United Kingdom, Australia, Canada, the Czech Republic, Denmark, Estonia, France, Germany, the Netherlands and Poland.
