Escalating Cyber Attacks on Businesses Supporting Ukraine, Warn Western Countries
In a united front, cybersecurity and intelligence agencies from Australia, Canada, the Czech Republic, Denmark, Estonia, France, Germany, the Netherlands, Poland, and the UK, alongside the FBI, NSA, CISA, the U.S. Department of Defense Cyber Crime Center, and U.S. Cyber Command, have issued a joint cyber threat advisory. The advisory warns of an ongoing and extensive cyber espionage campaign by the Russian state-linked hacking group Fancy Bear (also known as APT28 or GRU Unit 26165), targeting Western companies that support Ukraine.
Fancy Bear's ongoing cyber espionage campaigns focus on Western logistics and technology companies that provide support to Ukraine and NATO defense efforts. These companies span various transportation modes, including air, sea, and rail. The group has conducted widespread infiltration and surveillance operations, including hacking thousands of internet-connected cameras across at least 13 countries near border crossings and logistics hubs, allowing Russia to monitor Western military aid and logistics activities in real time.
The campaign targets both government and private/commercial entities involved in delivering weapons, ammunition, satellite imagery, and humanitarian aid to Ukraine. This strategic effort by Russia aims to disrupt and monitor support networks. The advisory emphasises the need for heightened cybersecurity measures and international cooperation to counter and mitigate the threat posed by these Russian state-sponsored cyber operations.
The techniques used by Russian hackers include brute-force password cracking, spear-phishing, delivering malware, and exploiting vulnerabilities in Microsoft Outlook and other software programs. Russia has deployed malware such as HEADLACE and MASEPI in these attacks. The stolen information includes route details and cargo contents, posing a significant threat to the security of these companies and the aid they are providing.
The advisory warns that similar targeting and use of the same tactics, techniques, and procedures (TTPs) are expected to continue. Russia maintains persistence on victim networks through built-in Windows features such as scheduled tasks. The targeting includes defense contractors, transportation facilities, maritime operators, air traffic control systems, and IT service providers.
In summary, Fancy Bear remains actively engaged in a sophisticated, coordinated cyber espionage campaign targeting Western companies supporting Ukraine, with a clear intent to monitor and potentially disrupt logistics and technology sectors critical to Ukraine's defense. The advisory underscores the importance of increased vigilance and collaboration among nations to counter these threats and protect critical infrastructure.
- The cyber espionage activities of Fancy Bear have increasingly targeted logistics and technology companies that support Ukraine and NATO, underscoring the need for heightened cybersecurity measures.
- The Russian state-linked hacking group Fancy Bear, also known as APT28 or GRU Unit 26165, has been using spear-phishing, malware, and exploits for vulnerabilities in Microsoft Outlook and other software programs to steal sensitive information from its targets.
- The growing concern about Fancy Bear's campaign is that it not only aims to monitor Western military aid and logistics activities, but also poses a significant threat to the security of Western companies and the aid they are providing.
- The joint cyber threat advisory, issued by various international cybersecurity and intelligence agencies, highlights that the tactics, techniques, and procedures used by Russia in these operations are likely to continue to be used against defense contractors, transportation facilities, maritime operators, air traffic control systems, and IT service providers.