US report: Russian cyber army targets NATO and Ukrainian logistics in ongoing espionage campaign

A Russian state-sponsored espionage group has been systemically targeting Western logistics and technology companies involved in delivering international aid to Ukraine since 2022, according to a report by the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA).

Their objective reportedly is to disrupt supply chains and gather intelligence.

“Since 2022, Western logistics entities and IT companies have faced an elevated risk of targeting by the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (85th GTsSS), military unit 26165 — tracked in the cybersecurity community under several names,” the report reads.

The hackers focus on logistics firms, IT companies, and transportation infrastructure that coordinate and facilitate international aid deliveries to Ukraine.

Targets include companies connected to the defense industry, transportation hubs such as ports and airports, maritime operations, air traffic control, and IT service providers.

Additionally, the group has conducted reconnaissance on at least one company producing components for industrial control systems, including railway management.

Hackers specifically probe transport documents containing details on trains, planes, and containers bound for Ukraine. 

According to reports, they have also gained access to thousands of IP cameras located at border crossings and railway junctions to monitor humanitarian shipments.

These cyberattacks have impacted at least 13 countries, including the Czech Republic, Germany, Poland, Romania, Ukraine, and the United States.