The United Kingdom has uncovered what it describes as a “malicious cyber campaign” orchestrated by a Russian military intelligence unit aimed at compromising organisations providing support to Ukraine.
Following a joint investigation with intelligence agencies from the United States, Germany, France, and other NATO allies, the UK’s National Cyber Security Centre (NCSC) revealed that Russia’s GRU Unit 26165 — also known as “Fancy Bear” — has been behind an ongoing cyber operation targeting both public and private institutions since 2022.
The entities affected reportedly include those supplying defence equipment, information technology services, and logistics for Ukraine. According to the NCSC, the cyber campaign is part of a broader effort by the Russian military to monitor and potentially disrupt international aid to Ukraine amid its ongoing war.
A particularly concerning discovery involved the compromise of internet-connected surveillance cameras at Ukraine’s borders. These devices, some 10,000 in number, were used to track the movement of humanitarian and military aid. The compromised cameras were located near military installations and railway stations, the report noted.
Investigators also found that the cyber operatives exploited legitimate local services, including traffic surveillance systems, to gain access to sensitive information.
“This malicious campaign by Russia’s military intelligence service presents a serious risk to targeted organisations, including those involved in the delivery of assistance to Ukraine,” said Paul Chichester, Director of Operations at the NCSC.
He urged organisations across the UK and partner nations to take immediate steps to understand the threat and follow mitigation strategies outlined in the advisory.
Fancy Bear, the unit behind the espionage, has a notorious track record. It was previously implicated in the 2016 hacking of the US Democratic National Committee and the leak of World Anti-Doping Agency data.
Security officials from ten NATO countries and Australia have also confirmed the cyber campaign, noting that the attackers employed a mix of sophisticated hacking techniques to infiltrate systems and monitor aid operations.
The exposure of the campaign comes amid growing concern over digital warfare and cyber sabotage as tools of international conflict, especially in the context of the war in Ukraine.
Chioma Kalu
Follow us on:
