Intelligence agencies from the United Kingdom and its partner countries have asserted that Russia made efforts to compromise border security cameras. The objective was to observe and interfere with the transit of Western assistance entering Ukraine. A specific division of Russia's military intelligence, GRU Unit 26165, also identified as APT 28 and Fancy Bear, is reported to have employed various tactics against organizations involved in providing this "foreign assistance." These methods included hacking into cameras situated at border crossings, railway stations, and in the vicinity of military facilities.
The GRU unit is also accused of dispatching deceptive phishing emails, which contained adult material and fabricated professional details, as well as utilizing stolen account credentials to infiltrate targeted systems. This harmful online campaign has reportedly been active against public and private entities in NATO member states since two thousand twenty-two. The UK’s National Cyber Security Centre (NCSC), a component of GCHQ, released an advisory urging private firms engaged in aid delivery to "take immediate action to protect themselves." The advisory detailed that "unit 26165 actors likely used access to private cameras at key locations... to track the movement of materials into Ukraine," and also exploited "legitimate municipal services, such as traffic cams."
Approximately ten thousand cameras were reportedly accessed, with eighty percent located in Ukraine and ten percent in Romania. Further, four percent of the targeted cameras were in Poland, two point eight percent in Hungary, and one point seven percent in Slovakia. This hacking would have granted "snapshot" access to the camera feeds. Additional attempts were allegedly made to acquire sensitive information regarding shipments, like train timetables and shipping documents. An advisory from ten nations, including the US, France, and Germany, noted, "In at least one instance, the actors attempted to use voice phishing to gain access to privileged accounts by impersonating IT staff." Spearphishing emails covered diverse subjects, from professional matters to adult content, often sent from compromised or free webmail accounts in the recipient's native language.
Paul Chichester, NCSC’s director of operations, emphasized the "serious risk" posed by this Russian campaign and the UK's commitment with partners to highlight these tactics. Suggested protective measures include enhanced monitoring, robust multi-factor authentication like passkeys, and prompt application of security updates. This Russian unit has previously been linked to leaking World Anti-Doping Agency data and was involved in the two thousand sixteen cyber-attack on the Democratic National Committee in the US.
