APT28 Escalates Cyber-Espionage Campaign Targeting Ukraine Aid Logistics
Posted: Thursday, May 22

A Russian military cyber unit, known as APT28 or “Fancy Bear,” has intensified its cyber-espionage efforts against organisations supporting Ukraine, according to a joint advisory issued by the UK’s National Cyber Security Centre (NCSC) and allied intelligence agencies including the US and Australia.

Operating under Russia’s military intelligence agency (GRU) as Unit 26165, APT28 has been targeting logistics firms, defence contractors, and technology service providers across NATO countries and Ukraine. The group’s tactics include spear-phishing emails, brute-force attacks, and the exploitation of vulnerabilities in Microsoft Exchange servers to gain unauthorised access to sensitive information.

One notable aspect of the campaign involves the compromise of approximately 10,000 internet-connected surveillance cameras located near border crossings, rail stations, and military installations in Ukraine and neighbouring countries. These breaches allowed the hackers to monitor the movement of military aid and supplies into Ukraine.

John Hultquist, Chief Analyst at Google’s Threat Intelligence Group, emphasised the strategic intent behind these operations:

“Russian military intelligence has an obvious need to track the flow of material into Ukraine, and anyone involved in that process should consider themselves targeted. Beyond the interest in identifying support to the battlefield, there is an interest in disrupting that support through either physical or cyber means. These incidents could be precursors to other serious actions.”

The advisory also warns that APT28 has employed sophisticated social engineering techniques, including phishing emails with adult content and impersonation of IT staff through voice phishing, to deceive targets and gain access to critical systems.

In response to these threats, cybersecurity agencies from the UK, US, Australia, Germany, France, and other allied nations have urged organisations involved in supporting Ukraine to bolster their cybersecurity measures. Recommended actions include implementing multi-factor authentication, promptly applying security updates, and increasing network monitoring to detect and prevent unauthorised access.

APT28 has a history of high-profile cyberattacks, including the 2016 breach of the Democratic National Committee and the leaking of data from the World Anti-Doping Agency. Their current activities represent a significant escalation in cyber warfare tactics aimed at undermining Western support for Ukraine.

As the conflict in Ukraine continues, the international community remains vigilant against cyber threats posed by state-sponsored actors like APT28, recognising the critical importance of securing digital infrastructure in the face of evolving cyber warfare strategies.
