The U.S. National Security Agency (NSA) reported that hackers associated with Russian military intelligence have been targeting Western logistics and tech companies engaged in delivering assistance to Ukraine.
The cyber operation, linked to the well-known GRU unit 26165 of Russian military intelligence, also known as Fancy Bear, was aimed at obtaining details about the kinds and schedule of aid flowing into Ukraine.
According to the NSA's report, released late Wednesday, the operation was designed to infiltrate firms in the defense, transportation, and logistics industries across several Western nations, including the United States. It also focused on critical infrastructure such as ports, airports, and railways.
During the operation, hackers tried to obtain video feeds from over 10,000 internet-connected cameras, ranging from personal devices to public surveillance systems, at critical transportation locations like border checkpoints, harbors, and railway centers.
Although most of these cameras were positioned in Ukraine, some were set up in nearby nations such as Poland, Romania, and various other parts of Eastern and Central Europe.
The cyber attacks reportedly began in 2022, when Russia launched its full-scale invasion of Ukraine. Authorities have not disclosed how successful the hackers were or how long they remained undetected.
The NSA, together with the FBI and cyber security organizations from partner countries, cautioned that Russia is expected to keep up its monitoring activities and urged businesses engaged in service provision to stay alert.
“To protect against and reduce these risks, vulnerable organizations should prepare for potential attacks,” the NSA stated in the advisory.
The attackers used spear phishing (sending deceptive emails made to look authentic in order to obtain confidential data or deploy malicious software) and exploited weaknesses in remote-access tools commonly found in SOHO (small office/home office) setups, where protections are usually not at an enterprise level.
Grant Geyer, Chief Strategy Officer at the cybersecurity company Claroty, stated that the techniques used by the hackers weren't particularly advanced but were carried out with careful precision.
“They have conducted comprehensive targeting throughout the complete supply chain to determine which equipment is being transported, along with the timing and methods involved—regardless of whether it’s via aircraft, vessel, or railway,” he pointed out.
Geyer cautioned that the information collected might enable Russia to enhance its military tactics or possibly orchestrate upcoming cyberattacks or physical obstructions to disrupt supply lines aiding Ukraine.
Last fall, U.S. intelligence organizations released recommendations advising American defense suppliers and logistics companies to strengthen their cyber defenses after a number of alleged Russian-backed disruption events occurred across Europe.
Evidence gathered by Western nations over the years indicates that Fancy Bear has orchestrated numerous attacks on Ukraine, Georgia, and NATO, along with political adversaries of the Kremlin, global journalists, and various other targets.