Technological reporters
Ghetto imagesThe United Kingdom has exposed what it says is a “malicious cyber campaign” aimed at many organizations, including those involved in providing foreign assistance in Ukraine
Following a joint investigation with allies, including the United States, Germany and France, the National Center for Cybersecurity of the UK (NCSC) said a Russian military unit was aimed at public and private organizations since 2022.
These include organizations involved in the provision of defense, IT services and logistics support.
The security authorities of 10 NATO and Australia countries said Russian spies used a combination of hacking techniques to gain access to networks.
Some of the goals were connected to internet cameras in the Ukrainian borders, which followed the deliveries for help entering the country.
The report also states that a rough estimate of 10,000 cameras was available near “military installations and railway stations to track the movement of materials in Ukraine.
He added that “the actors also used legal municipal services, such as traffic cameras.”
The Russian military unit accused of espionage is called GRU Unit 26165, but passes with a number of informal names, including Fantasy Bear.
The notorious hacking team is known to have previously expired Data on the World Anti -Doping Agency and played a key role in Cyber-Ataka for 2016 in the US Democratic Committee, according to security experts.
“This malicious campaign for Russia's military intelligence is a serious risk for targeted organizations, including those involved in providing assistance in Ukraine,” said Paul Chichester, Director of NCSC operations.
“We are highly encouraging organizations to familiarize themselves with the threat and mitigation advice included in the consultations to help protect their networks,” he added.
Anyone who is involved in the relocation of goods to Ukraine must “be considered directed” by Russian military intelligence, said John Hluquist, Chief Analyzer at Google Treav Intelligence Group.
“Beyond the interest in identifying the support of the battlefield, there is an interest in violating this support through physical or cyber resources,” he said.
“These incidents may be the precursors of other serious actions.”
Internet archiveThe Joint Cybersecurity Council said Fancy Bear has directed organizations related to critical infrastructure, including ports, airports, air traffic management and defense industry.
They were in 12 continental European countries and the United States.
The hackers used a combination of techniques to gain access, the report, including passwords for knowledge, said.
Another method used is called Spearphishing, where fake emails are aimed at specific people who have access to systems.
They are presented with a fake page where they enter their login information or encourage to click on a connection that then installs malware.
“The topics of piercing emails were varied and ranged from professional topics to adult topics,” the report said.
The vulnerability to Microsoft Outlook was also used to collect credentials “Through specially designed invitations to appoint an Outlook calendar.”
These types of techniques have been “the main tactic of this group for more than a decade,” said Rafi Peeling, director of Intelligence Intelligence at a Sophos Counter Threat Unit, he said.
Access to the camera “would help to understand what goods are being transported when in what volumes and maintenance of kinetic (weapons) targeting,” he added.
