Since the onset of Russia’s full-scale invasion of Ukraine, a Kremlin-backed hacker group—known in cybersecurity circles as APT28, Fancy Bear, Forest Blizzard, or BlueDelta—has been conducting a large-scale cyber campaign targeting entities responsible for delivering international aid to Ukraine. Operating under the Russian GRU’s 85th Special Services Center (military unit 26165), this group has intensified its cyber operations since February 2022, attacking critical infrastructure in at least 13 NATO member states and Ukraine, reports the Baltimore Chronicle, citing an analytical report from the Cybersecurity and Infrastructure Security Agency (CISA) of the US Department of Homeland Security.
The primary targets of the campaign include logistics hubs, ports, airports, IT service providers, maritime and air traffic organizations, and defense sector enterprises. The attackers focused on entities involved in coordinating and transporting international support to Ukraine.
Cyber espionage activities have also been identified against companies producing components for industrial control systems (ICS), especially those managing railway infrastructure. One of the main goals of the hackers has been to obtain transport documentation, such as train, aircraft, and container numbers—data that reveals the specific content and timing of shipments headed to Ukraine.
Additionally, thousands of IP surveillance cameras located at border checkpoints and transportation hubs were reportedly hijacked by the hackers, enabling Russian intelligence to monitor humanitarian convoys in real time. Countries affected by these cyberattacks include the Czech Republic, Germany, Poland, Romania, the United States, Ukraine, and other NATO allies.
Earlier we wrote that in February, damage from hacker attacks reached a record $1.51 billion.