By Isha - May 21, 2025
The UK and its allies have revealed a Russian cyber campaign, led by GRU Unit 26165, that aims to disrupt aid for Ukraine. The attacks include hacking cameras at Ukrainian sites for intelligence gathering. The NCSC stresses the threat to organizations delivering aid, while a Google expert warns of potential escalation into disruptive actions.
The United Kingdom, in collaboration with international allies, has exposed a sophisticated Russian cyber campaign aimed at disrupting support for Ukraine. The UK's National Cyber Security Centre (NCSC) identified the operation as being orchestrated by Russia's military intelligence service, targeting organizations involved in delivering aid to Ukraine.
The cyber activities, attributed to the notorious GRU Unit 26165—also known as Fancy Bear—have been ongoing since 2022. They have compromised public and private entities across sectors such as logistics, defense, IT services, and critical infrastructure, including ports and air traffic management systems.
A notable aspect of the campaign involved hacking into approximately 10,000 internet-connected cameras, primarily at Ukrainian border crossings, rail stations, and military sites. These breaches allowed Russian operatives to monitor aid shipments, track movements, and potentially gather intelligence for further disruptive actions.
The attackers employed various techniques, including spear-phishing emails with deceptive content, exploiting vulnerabilities in software like Microsoft Outlook, and impersonating IT personnel through voice phishing to extract sensitive information.
Paul Chichester, NCSC Director of Operations, emphasized the serious risk posed by this campaign to organizations supporting Ukraine. He urged affected entities to familiarize themselves with the threat and implement recommended cybersecurity measures to defend their networks.
John Hultquist, chief analyst at Google's Threat Intelligence Group, warned that these cyber incidents could be precursors to more severe actions, highlighting the attackers' interest in both identifying and disrupting support to Ukraine through physical or cyber means.