British authorities, alongside international partners, have revealed a large-scale Russian state-sponsored cyber operation dating back to early 2022.
The campaign, led by Russia’s military intelligence service (GRU), has focused on disrupting any effort to provide support to Ukraine. Targets have included technology and logistics companies, airports, air traffic control systems, and surveillance cameras.
Essentially, any movement or infrastructure aiding Ukraine’s war effort has been under Kremlin surveillance.
Paul Chichester, director at the UK National Cyber Security Centre (NCSC), warned of the serious risk posed by this campaign: “This malicious campaign by Russia’s military intelligence service presents a serious risk to targeted organisations, including those involved in the delivery of assistance to Ukraine.”
A joint report by the UK and allied nations revealed that Russian operatives monitored shipments of aid entering Ukraine, infiltrating around 10,000 cameras near military installations and rail stations to track materials.
The report also noted the misuse of legitimate municipal services such as traffic cameras to support surveillance efforts.
The elite hacking group behind the campaign has been identified as GRU Unit 26165, also known by code names such as Fancy Bear and BlueDelta. Recognised as one of Russia’s most notorious cyber units, they have been linked to previous high-profile attacks, including targeting anti-doping agencies following Russia’s Olympic doping ban.
The British government highlighted that in the wake of Russia’s full-scale invasion of Ukraine in February 2022, state-sponsored cyber operations surged. Unit 26165 intensified espionage activities, especially against logistics firms and technology companies aiding Ukraine’s defence.
“As Russian military forces failed to meet their objectives and Western countries provided aid to support Ukraine’s territorial defence, Unit 26165 expanded its targeting of logistics entities and technology companies involved in the delivery of aid,” the statement said.
The group also targeted internet-connected cameras at Ukrainian border crossings to monitor and track aid shipments.
Authorities continue to monitor the situation and support affected organisations in strengthening their cyber defences.
