Russian Hackers Spied on Border Cameras to Track Ukraine Aid, UK Intel Says

Russian military hackers tried to break into border security cameras to spy on and disrupt the delivery of Western aid to Ukraine, according to British intelligence officials and their allies.

The UK’s National Cyber Security Centre (NCSC) said in an advisory note that Russia’s GRU Unit 26165, also known as Fancy Bear or APT28, led a wide-ranging cyber campaign targeting both public and private organizations in NATO countries since 2022.

The hackers reportedly gained access to about 10,000 cameras near border crossings, rail stations, and military sites – mostly in Ukraine, but also in Romania, Poland, Hungary, and Slovakia – to track the movement of aid shipments.

“These actors likely used access to private and municipal cameras to monitor supplies entering Ukraine,” the NCSC said in a joint advisory with cyber agencies from the United States, France, Germany, and other allied nations.

Officials said the hackers used stolen passwords and phishing emails containing pornography and fake job information to break into systems. In one case, they used voice phishing by pretending to be IT staff to access secure accounts.

The phishing emails often came from hacked accounts or public webmail services and were written in the recipient’s native language. Topics ranged from professional matters to adult content.

The cyber campaign also included efforts to collect sensitive information such as shipping manifests and train schedules related to aid deliveries.

Other Topics of Interest

Turkey Offers to Host Ukraine-Russia Peace Talks

Turkish Foreign Minister Hakan Fidan announced that Ankara is prepared to host a new round of peace negotiations between Ukraine and Russia.

“This malicious campaign by Russia’s military intelligence service presents a serious risk to targeted organizations, including those delivering assistance to Ukraine,” said Paul Chichester, the NCSC’s director of operations.

He urged companies to take immediate steps to protect themselves, including using strong multi-factor authentication, monitoring networks closely, and keeping software up to date.

The joint advisory was issued by cyber agencies from 11 countries, including the UK, US, Germany, Poland, Canada, Australia, France, Denmark, the Netherlands, Estonia, and the Czech Republic.

GRU Unit 26165 has previously been blamed for cyberattacks on the World Anti-Doping Agency and for the 2016 hacking of the US Democratic National Committee.