The United Kingdom has reported a significant "malicious cyber campaign" orchestrated by a Russian military unit aimed at undermining foreign assistance efforts for Ukraine. The finding comes from a thorough investigation conducted by the UK's National Cyber Security Centre (NCSC) in collaboration with allies such as the United States, Germany, and France.

The campaign, which has been ongoing since 2022, specifically targets both public and private organizations involved in providing defense, IT, and logistical support to Ukraine. Cybersecurity agencies from ten NATO countries and Australia revealed that Russian spies had used a diverse array of hacking techniques to infiltrate these networks. Among the compromised assets were internet-connected cameras at Ukrainian borders, which monitored aid shipments. Approximately 10,000 cameras were accessed to track critical material movements through military installations and rail stations.

The espionage activity is attributed to the Russian military unit GRU Unit 26165, widely known as "Fancy Bear," which is notorious for past operations including the hacking of the World Anti-Doping Agency and involvement in the 2016 breach of the US Democratic National Committee. Paul Chichester, the NCSC Director of Operations, issued a cautionary statement about the risks posed to organizations supporting Ukraine, urging those involved in such operations to act on the provided threat mitigation advice.

Experts, including John Hultquist from Google Threat Intelligence Group, emphasized that any entity contributing to the flow of goods into Ukraine should regard itself as a target for Russian military intelligence. "There is not just an interest in identifying support to the battlefield, but also in disrupting it through both physical and cyber means," he noted, implying that these incidents may foreshadow more severe actions.

The investigation highlighted that Fancy Bear targeted essential infrastructure organizations spanning 12 countries across Europe and the US, using methods such as password guessing and spear phishing. In the latter technique, deceptive emails are crafted and sent to key individuals, directing them to bogus sites that collect sensitive login information.

Rafe Pilling, director of threat intelligence at Sophos, stated that the group's tactics of exploiting vulnerabilities in software like Microsoft Outlook have been a standard approach for over ten years. Access to surveillance cameras would provide insights into goods transported, aiding in targeting efforts.

Cybersecurity firm Dragos corroborated the reported hacking activity, emphasizing that the Russian hackers aim not only to gain access to corporate networks but also to penetrate industrial control systems, which could lead to intellectual property theft or lay the groundwork for disruptive attacks. This alarming situation underscores the escalating cyber threats amidst the ongoing conflict in Ukraine.