UK, Australia warn of Russian cyber moves over Ukraine

GRU Unit 26165 - also known as APT 28 or Fancy Bear - is said to have gained access to some networks using a range of techniques, including guessing log-in credentials and spear-phishing - where specific individuals or organisations are targeted in an effort to gain access to a network.

Try Our AI Features

Explore what Daily8 AI can do for you:

Learn with AIFact CheckingText to SpeechAI Summary

Related Articles

Sydney Morning Herald

21-05-2025

• Sydney Morning Herald

Australia accuses Russian hackers of spying on Ukraine aid routes and border cameras

London: A notorious Russian hacking group known as 'Fancy Bear' has been accused of orchestrating a cyber-espionage campaign targeting critical infrastructure and organisations aiding Ukraine's war effort. After a joint investigation with allies including the US, Germany and France, Australia's leading cyber intelligence and security agency joined in condemning the attacks in a cybersecurity advisory released on Wednesday. The statement attributed the cyberattacks to Russia's GRU, which is responsible for a wide-reaching campaign targeting both public and private sector entities involved in the coordination, delivery, and transport of foreign assistance to Ukraine. These included defence contractors, IT firms, air traffic management services, and maritime logistics providers across 12 countries, including Italy, Moldova, the Netherlands, Poland and Romania. It revealed that Fancy Bear employed a range of longstanding techniques to infiltrate networks, including spear phishing, credential theft, and exploiting known software vulnerabilities. Some of the spear phishing emails were tailored with professional and adult-themed content to deceive recipients into sharing login credentials or clicking malicious links. A particularly concerning aspect of the attack was the hackers' access to tens of thousands of internet-connected cameras, including municipal traffic cameras and private systems placed near key locations like border crossings, military installations, and rail stations. These were used to track the movement of aid shipments into Ukraine, potentially disrupting critical supply lines. The advisory also revealed that the hackers conducted reconnaissance on at least one company involved in producing components for railway management systems, although there was no confirmation of a successful breach. Dozens of entities, including government organisations and commercial entities across virtually all transportation modes – air, sea, and rail – have been targeted in the campaign within NATO member states, inside Ukraine, and at international organisations, according to the advisory. Alongside the 'espionage-oriented campaign,' the hackers are also believed to have accessed legitimate municipal traffic cams as well as 'private cameras at key locations, such as near border crossings, military installations, and rail stations, to track the movement of materials into Ukraine.'

The Age

21-05-2025

• The Age

Australia accuses Russian hackers of spying on Ukraine aid routes and border cameras

London: A notorious Russian hacking group known as 'Fancy Bear' has been accused of orchestrating a cyber-espionage campaign targeting critical infrastructure and organisations aiding Ukraine's war effort. After a joint investigation with allies including the US, Germany and France, Australia's leading cyber intelligence and security agency joined in condemning the attacks in a cybersecurity advisory released on Wednesday. Eleven Western countries have accused a notorious Russian military intelligence hacking group of targeting defense, transport and tech firms involved in helping Ukraine. Credit: AP The statement attributed the cyberattacks to Russia's GRU, which is responsible for a wide-reaching campaign targeting both public and private sector entities involved in the coordination, delivery, and transport of foreign assistance to Ukraine. These included defence contractors, IT firms, air traffic management services, and maritime logistics providers across 12 countries, including Italy, Moldova, the Netherlands, Poland and Romania. It revealed that Fancy Bear employed a range of longstanding techniques to infiltrate networks, including spear phishing, credential theft, and exploiting known software vulnerabilities. Some of the spear phishing emails were tailored with professional and adult-themed content to deceive recipients into sharing login credentials or clicking malicious links. A particularly concerning aspect of the attack was the hackers' access to tens of thousands of internet-connected cameras, including municipal traffic cameras and private systems placed near key locations like border crossings, military installations, and rail stations. These were used to track the movement of aid shipments into Ukraine, potentially disrupting critical supply lines. The advisory also revealed that the hackers conducted reconnaissance on at least one company involved in producing components for railway management systems, although there was no confirmation of a successful breach. Dozens of entities, including government organisations and commercial entities across virtually all transportation modes – air, sea, and rail – have been targeted in the campaign within NATO member states, inside Ukraine, and at international organisations, according to the advisory. Alongside the 'espionage-oriented campaign,' the hackers are also believed to have accessed legitimate municipal traffic cams as well as 'private cameras at key locations, such as near border crossings, military installations, and rail stations, to track the movement of materials into Ukraine.'

West Australian

21-05-2025

• West Australian

UK, Australia warn of Russian cyber moves over Ukraine

The United Kingdom and allies including Australia have issued an advisory warning of a Russian state-sponsored cyber campaign targeting the delivery of support to Ukraine and international logistics entities and technology companies. "This malicious campaign by Russia's military intelligence service presents a serious risk to targeted organisations, including those involved in the delivery of assistance to Ukraine," Paul Chichester, Director of Operations at the UK's National Cyber Security Centre (NCSC), said. The campaign has also targeted defence, IT services, maritime, airports, ports and air traffic management systems sectors in several members of the NATO military alliance, the NCSC statement said. GRU Unit 26165 - also known as APT 28 or Fancy Bear - is said to have gained access to some networks using a range of techniques, including guessing log-in credentials and spear-phishing - where specific individuals or organisations are targeted in an effort to gain access to a network. Wednesday's advisory was issued in conjunction with Australia, the United States, Germany, the Czech Republic, Poland, Canada, Denmark, Estonia, France and the Netherlands, warning organisations of the elevated threat and urging immediate action to protect themselves. "We strongly encourage organisations to familiarise themselves with the threat and mitigation advice included in the advisory to help defend their networks," Chichester said. with PA