CyberSecurity news
@industrialcyber.co
A Russian state-sponsored cyber espionage campaign, attributed to the GRU's APT28 (also known as Fancy Bear or Forest Blizzard), has been actively targeting Western logistics entities and technology companies since 2022. This campaign focuses on organizations involved in the coordination, transport, and delivery of foreign assistance to Ukraine. The goal is to gain access to sensitive information and disrupt operations, presenting a serious risk to these targeted organizations and sectors across more than a dozen countries.
These Russian cyber actors have been using a mix of previously disclosed tactics, techniques, and procedures (TTPs), including credential brute-force attacks, spear-phishing with multilingual lures, and malware delivery via malicious archives that exploit vulnerabilities. They have also been observed hacking into IP cameras at Ukrainian border crossings to monitor and track aid shipments. The GRU unit, known as military unit 26165, has been linked to the compromise of a wide array of entities spanning air, sea, and rail transportation.
To defend against these threats, organizations are urged to familiarize themselves with the identified TTPs and indicators of compromise (IOCs), increase monitoring and threat hunting, and strengthen their network defenses. The attacks have targeted companies and government organizations in numerous countries, including Bulgaria, the Czech Republic, France, Germany, Greece, Italy, Moldova, the Netherlands, Poland, Romania, Slovakia, Ukraine, and the United States. The advisory is co-signed by over 20 agencies from multiple countries, underscoring the global nature of this threat.