The UK has exposed a large-scale Russian cyber operation against efforts to back Ukraine, targeting organisations involved in delivering foreign assistance to the country.
A joint investigation by the UK’s National Cyber Security Centre (NCSC) and its allies, including the US, Germany, and France, has exposed a ‘malicious cyber campaign’ targeting multiple organisations involved in delivering foreign assistance to Ukraine. The Russian military unit responsible for this campaign is believed to be GRU Unit 26165, also known as Fancy Bear.
The security bodies of 10 Nato countries and Australia have reported that Russian spies used a combination of hacking techniques to gain access to networks. Some of the targets included:

- Internet-connected cameras at Ukrainian borders monitoring aid shipments
- A rough estimate of 10,000 cameras accessed near military installations and rail stations to track the movement of materials into Ukraine
- Legitimate municipal services, such as traffic cams

Russian espionage dates back to the 16th century, with the establishment of the Okhrana, a secret police agency responsible for domestic and foreign intelligence gathering.
In the early 20th century, the Cheka was formed, which later became the KGB, one of the most notorious spy agencies in history.
The KGB was involved in numerous high-profile espionage cases, including the 'Berlin Tunnel affair' and the 'Cuban Missile Crisis'.
Today, Russia's Foreign Intelligence Service (SVR) continues to engage in global espionage activities.
The report states that Fancy Bear used a range of tactics to gain access to networks, including:

- Guessing passwords
- Spearphishing, where fake emails are targeted at specific people with access to systems
- Exploiting vulnerabilities in Microsoft Outlook to collect credentials via specially crafted calendar appointment invitations

Fancy Bear is a state-sponsored cyber threat actor, believed to be affiliated with the GRU.
They are known for conducting sophisticated and targeted attacks on governments, organizations, and individuals worldwide.
Their primary goal is to steal sensitive information, disrupt operations, and compromise security systems.
Fancy Bear's tactics include spear phishing, malware deployment, and network exploitation.
According to a report by the cybersecurity firm Symantec, Fancy Bear has been linked to numerous high-profile breaches, including the 2016 US election interference.
The joint cyber-security advisory warns that this malicious campaign presents a serious risk to targeted organisations, including those involved in the delivery of assistance to Ukraine. The NCSC Director of Operations, Paul Chichester, is quoted as saying: ‘This malicious campaign by Russia’s military intelligence service presents a serious risk to targeted organisations… We strongly encourage organisations to familiarise themselves with the threat and mitigation advice included in the advisory to help defend their networks.’
The exposure of this cyber campaign highlights the ongoing threat posed by state-sponsored actors to critical infrastructure. It is essential for organisations to take proactive measures to protect their networks and data from these types of threats.
State-sponsored actors refer to individuals, groups, or organizations that carry out activities on behalf of a government.
These actors can include diplomats, military personnel, intelligence agents, and even private contractors.
They often operate in gray areas between diplomacy and espionage, using various tactics to achieve their country's objectives.
According to a 2020 report, 75% of global cyberattacks are attributed to state-sponsored groups.
State-sponsored actors play a significant role in international relations, often blurring the lines between national interests and global security.
To mitigate the risk posed by Fancy Bear, organisations are advised to:

- Familiarise themselves with the threat and mitigation advice included in the advisory
- Implement robust security measures, including multi-factor authentication and regular software updates
- Conduct regular security awareness training for employees
- Monitor their networks for suspicious activity and report any incidents to the relevant authorities