Russian military intelligence service GRU attempted to disrupt the flow of western aid to Ukraine by hacking into surveillance cameras positioned at key logistical points across Europe, The Guardian reported on 21 May. The claim was made in an advisory issued by the UK’s National Cyber Security Centre (NCSC), and supported by intelligence agencies from 10 other countries including the US, France, Germany, and Poland.
Known as APT 28 or Fancy Bear, GRU Unit 26165 is tied to Russian military intelligence and has led major cyber operations. These include leaking World Anti-Doping Agency data and the 2016 attack on the Democratic National Committee. It typically employs spearphishing and malware.
Unit 26165 is alleged to have infiltrated cameras located at rail stations, military installations, and border crossings. According to the advisory, “unit 26165 actors likely used access to private
cameras at key locations […] to track the movement of materials into Ukraine.” The advisory also states that they “used legitimate municipal services, such as traffic cams.”
Scale of hacked surveillance systems
Roughly 10,000 cameras were reportedly accessed during the operation. Of these, 80% were located in Ukraine, 10% in Romania, 4% in Poland, 2.8% in Hungary, and 1.7% in Slovakia. The location of the remaining targeted cameras was not disclosed. The NCSC said the intrusion gave the GRU access to “snapshots” of camera images showing material movements.
Russia behind multiple cyberattacks on French institutions that have escalated since 2021, says Paris
Additional cyber tactics deployed
Beyond accessing surveillance cameras, the advisory states that GRU operatives also sought sensitive logistics data, including train timetables and shipping manifests. They used spearphishing emails – phishing messages highly personalized for a specific organization – that featured adult material or fake professional content, often sent through hijacked or free email services.
Targeted organizations and UK’s warning
The targets included public and private organizations involved in delivering military and humanitarian aid to Ukraine. Paul Chichester, director of operations at the NCSC, said:
“This malicious campaign by Russia’s military intelligence service presents a serious risk to targeted organisations, including those involved in the delivery of assistance to Ukraine.”
Read also
-
Germany says Russia behind massive cyberattack last year after Berlin decided to send Ukraine tanks
-
Russia engages up to 640,000 troops against Ukraine, Kyiv’s top general says
-
The Times: UK sends Ukraine “Ikea-style” flat-packed decoys to mislead Russians
-
WSJ: Russia’s new intel dept orchestrates attacks across Europe