Warning as Russian military hackers target logistics and tech firms

Businesses have been warned to be vigilant to an increased risk of cyber attacks after the UK and international allies exposed Russia’s military intelligence service for a campaign of malicious cyber activity against western logistics entities and technology companies.

In a new advisory, the UK’s National Cyber Security Centre and partners from ten countries have revealed details about how military unit 26165 of Russia’s GRU has conducted a cyber campaign against both public and private organisations since 2022. This has included targeting of organisations involved in the co-ordination, transport and delivery of support to Ukraine, and across the defence, IT services, maritime, airports, ports and air traffic management systems sectors in multiple NATO member countries.

Unit 26165 – also known as APT 28 – was able to gain initial access to victim networks using a mix of previously disclosed techniques, including credential guessing, spear-phishing and exploitation of Microsoft Exchange mailbox permissions. They also targeted internet-connected cameras at Ukrainian border crossings and near military installations to monitor and track aid shipments to Ukraine.

Along with details of the threat, the advisory includes mitigation advice to help defend against the malicious activity. Actions include increasing monitoring, using multi-factor authentication with strong factors such as passkeys, and ensuring security updates are applied promptly to manage vulnerabilities.

Paul Chichester, NCSC director of operations, said: “This malicious campaign by Russia’s military intelligence service presents a serious risk to targeted organisations, including those involved in the delivery of assistance to Ukraine. The UK and partners are committed to raising awareness of the tactics being deployed.

“We strongly encourage organisations to familiarise themselves with the threat and mitigation advice included in the advisory to help defend their networks.”


