Western intelligence agencies unite to expose Russian hacking campaign against logistics and tech firms | The Record from Recorded Future News

A notorious Russian hacking unit was blamed on Wednesday for conducting a widespread campaign that officials say presents a serious risk to the targeted organizations and sectors in more than a dozen countries.

In a joint cybersecurity advisory co-sealed by what appears to be a record number of allied countries (11) and intelligence agencies (21), the hacking group widely known as Fancy Bear, BlueDelta and APT28 was accused of being behind attempted digital break-ins at multiple Western logistics providers and technology firms.

Dozens of entities, including government organizations and private/commercial entities across virtually all transportation modes (air, sea and rail), have been targeted in the campaign within NATO member states, within Ukraine and at international organisations, according to the advisory.

Alongside the espionage-oriented campaign, the hackers are also believed to have accessed legitimate municipal traffic cams as well as private cameras at key locations, such as near border crossings, military installations and rail stations, to track the movement of materials into Ukraine.

The hackers also conducted reconnaissance on at least one entity involved in the production of industrial control system components for railway management, though a successful compromise was not confirmed, warned the advisory.

The intelligence agencies formally attributed the attacks to the 85th Main Special Service Center (85th GTsSS), military unit 26165, of Russia's military intelligence agency, the GRU, and acknowledged the hacking unit's campaigns were tracked under a number of names, including Fancy Bear and APT 28.

Although the campaign did not utilize any novel techniques, with the hackers described as gaining initial access to their victims' networks by using a mix of previously disclosed techniques including credential guessing, spearphishing and exploitation of Microsoft Exchange mailbox permissions, the widespread nature of the campaign has prompted the advisory encouraging potential victims to shore up their defenses.

Paul Chichester, the director of operations at Britain's National Cyber Security Centre (NCSC), said: "This malicious campaign by Russia's military intelligence service presents a serious risk to targeted organisations, including those involved in the delivery of assistance to Ukraine."

"The UK and partners are committed to raising awareness of the tactics being deployed. We strongly encourage organisations to familiarise themselves with the threat and mitigation advice included in the advisory to help defend their networks," added Chichester.

The NCSC said that both executives at technology and logistics companies, as well as network defenders, needed to recognise the elevated threat of targeting and take immediate action to protect themselves.

Agencies from the UK, US, Germany, France, Canada, Czechia, Poland, Australia, Estonia, Denmark and the Netherlands co-signed the advisory.

Alexander Martin is the UK Editor for Recorded Future News. He was previously a technology reporter for Sky News and is also a fellow at the European Cyber Conflict Research Initiative.

Copyright 2025 The Record from Recorded Future News