A state-sponsored hacker group from Russia has been conducting extensive cyber attacks against logistics and tech companies involved in delivering international aid to Ukraine since 2022. The attacks have affected at least 13 NATO member countries as well as Ukraine.
Source: an analytical report from the Cybersecurity and Infrastructure Security Agency (CISA) under the U.S. Department of Homeland Security.
Details: According to the report, since late February 2022, the Russian GRU, specifically the 85th Special Services Center (military unit 26165), also known in the cybersecurity community as Fancy Bear or APT28, has significantly intensified cyber operations against Western infrastructure.
The primary targets of this campaign have been logistics firms, IT companies, and transport infrastructure facilitating the coordination and delivery of foreign aid to Ukraine.
Quote: "Actors targeted companies related to sectors in NATO member countries, Ukraine, and international organizations:
- Defense industry
- Transport and transport hubs (ports, airports, etc.)
- Maritime sector
- Air traffic management
- IT services"
Additional details: Reconnaissance has also been conducted against at least one enterprise involved in manufacturing components for industrial control systems (ICS), particularly for railway management.
One of the priority targets for Russian hackers has been transport manifests, specifically data on train, flight, and container numbers, which accurately indicate what is heading to Ukraine and when.
The report claims that thousands of IP cameras at border crossings and railway hubs were compromised, allowing Russian intelligence to monitor humanitarian aid convoys in real time.
The cyber attacks affected at least 13 countries, including the Czech Republic, Germany, Poland, Romania, Ukraine, and the USA.