Eleven Western countries have accused a notorious Russian military intelligence hacking group of targeting defense, transport and tech firms involved in helping Ukraine.
The United States, the United Kingdom, Germany, the Czech Republic, Poland, Australia, Canada, Denmark, Estonia, France and the Netherlands on Wednesday released a joint statement on the Russian state-sponsored campaign, which targeted organizations involved in the “coordination, transport, and delivery of foreign assistance to Ukraine.”
The countries said Unit 26165 of the Russian military intelligence service — known in the cybersecurity world as “Fancy Bear” — had carried out the campaign for more than two years using a variety of tactics including targeted scam emails and stolen passwords.
Russian hackers involved in the campaign have gone after government organizations and private companies in the defense, transport, maritime, air traffic management and IT sectors, they said.
Organizations from those industries based in Bulgaria, the Czech Republic, France, Germany, Greece, Italy, Moldova, the Netherlands, Poland, Romania, Slovakia, Ukraine and the U.S. were targeted, according to Wednesday’s statement.
The Western countries explicitly linked the cyber campaign to Russia’s war in Ukraine, saying the attacks ramped up after February 2022.
As Russian forces “failed to meet their military objectives and Western countries provided aid to support Ukraine’s territorial defense, Unit 26165 expanded its targeting of logistics entities and technology companies involved in the delivery of aid,” they said.
Multiple Russian hacking groups increased their activity at that time, but Unit 26165 focused on espionage — including targeting internet-connected cameras at Ukrainian border crossings and at least one organization involved in railway industrial control systems — the Western countries said Wednesday.
Unit 26165 was previously sanctioned by the EU for hacking the German Bundestag in 2015. It has also been tied to hacks of the U.S. Democratic National Committee in 2016 and of email accounts belonging to then-Chancellor Olaf Scholz’s Social Democratic Party in 2022 and 2023.
More recently, France accused it of orchestrating cyberattacks on President Emmanuel Macron’s 2017 election campaign.
The post Western countries reveal major Russian cyber-espionage campaign appeared first on Politico.
