Russian cyber hackers have intensified their activities targeting NATO and Ukraine’s logistics infrastructure: a large-scale attack has been ongoing for over a year

Chas Pravdy - 22 May 2025 05:22

Information warfare conducted with high-tech tools is increasingly an integral part of modern strategic struggles between countries. Recent months have once again confirmed this trend: Russian military hackers, financed and supported by the Kremlin authorities, are deliberately attempting to undermine the logistics chains essential for delivering international aid to Ukraine, and to limit the ability of Western countries to monitor and respond to these challenges.

According to an analytical report published by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), massive cyber operations have been active since late February 2022, when Russia launched its large-scale military aggression against Ukraine. These activities are carried out by a unit of the Russian Main Intelligence Directorate (GRU): the 85th Main Centre for Special Services (military unit 26165), commonly known in the cybersecurity community as Fancy Bear, APT28, Forest Blizzard, or BlueDelta. The unit likely coordinates and executes a range of special operations against Western and Ukrainian infrastructure.

The targets of these cyberattacks include logistics, transportation, defense, and IT companies directly involved in the transportation and delivery of international humanitarian aid to Ukraine and the region. The official report notes numerous attempts to infiltrate the networks of companies and institutions in countries such as Poland, the Czech Republic, Germany, Romania, the USA, and, of course, Ukraine. Observations confirmed that the enemy is deliberately attacking the defense industry sector, as well as transport logistics, including ports, airports, and maritime vessels. The Russians pay particular attention to infrastructure management facilities and industrial control systems (ICS), including components that support the functioning of railway networks.

During reconnaissance operations, information gathering was documented against one enterprise that produces components for infrastructure management systems. This is significant, as the collected data allows the adversary to precisely determine the routes of transportation convoys and the train numbers, aircraft, and containers heading toward or away from Ukraine. The greatest threat is the ability to monitor humanitarian aid movements in real time. Sources indicate that Russian hackers gained access to thousands of IP cameras located at border crossing points and railway hubs. This opens a pathway to monitor the movement of vehicles and cargo, greatly complicating the operational activities of Ukrainian and Western forces.

The attacks affected at least 13 countries, including NATO member states and Ukraine. Besides Ukraine, this list includes Poland, the Czech Republic, Germany, Romania, and the United States. At the same time, analysts emphasize that the activity of Russian hackers is systematic and persistently aimed at undermining the infrastructural security of Western partners, in order to better control logistics and respond promptly to any international aid initiatives.

Overall, these cyberattacks demonstrate Russia’s deep involvement in information warfare against Ukraine and its Western allies. This is further proof that modern warfare is not only about combat actions and weaponry but also involves targeted operations in the virtual space aimed at weakening the support and capabilities of strategic partners and Ukraine. Although partner countries actively counter these intrusions, Russian hackers show high levels of skill and determination in their efforts, prompting security services to strengthen preventive measures and respond swiftly to emerging threats.
