UK, allies warn of Russian cyberattack targeting 10,000 security cameras to disrupt Ukraine aid

Reuters and The Guardian reported the information.

A Russian military intelligence unit is accused of using various methods to attack organizations providing aid.

“This malicious campaign by Russia’s military intelligence service presents a serious risk to targeted organisations, including those involved in the delivery of assistance to Ukraine,” said Paul Chichester, Director of Operations at the UK’s National Cyber Security Centre (NCSC).

According to the agency, the campaign also targets the defense sector, IT services, maritime transport, airports, ports, and air traffic control systems in several NATO countries.

British intelligence and its allies claim that a Russian military intelligence unit had access to cameras near crossings, military sites, and railway stations in European countries. Russia tried to hack security cameras at borders, crossings, railway stations, and near military facilities to spy on and disrupt the flow of Western aid to Ukraine.

Unit 26165 is also accused of sending phishing emails containing pornography and fake professional information, stealing account passwords to access systems, and conducting a malicious cyber campaign against public and private organizations in NATO countries since 2022.

“In addition to targeting logistics entities, unit 26165 actors likely used access to private cameras at key locations, such as near border crossings, military installations, and rail stations, to track the movement of materials into Ukraine,” the report says. “The actors also used legitimate municipal services, such as traffic cams.”

About 10,000 cameras were reportedly accessed near “military installations, and rail stations, to track the movement of materials into Ukraine” of which 80% were located in Ukraine and 10% in Romania. The report also claims that 4% of the cameras targeted were located in Poland, 2.8% in Hungary, and 1.7% in Slovakia. The location of the remaining cameras that were targeted is not reported.

Allied intelligence agencies report other attempts to gather confidential information about shipments, such as train schedules and transport manifests.

“In at least one instance, the actors attempted to use voice phishing to gain access to privileged accounts by impersonating IT staff,” the warning from 10 countries, including the U.S., France, and Germany, states.

“The subjects of spearphishing emails were diverse and ranged from professional topics to adult themes. Phishing emails were frequently sent via compromised accounts or free webmail accounts. The emails were typically written in the target’s native language and sent to a single targeted recipient,” the warning adds.

The United Kingdom, the United States, France, Germany, and other countries issued a warning to organizations about an increased threat and urged immediate action to protect themselves.

“We strongly encourage organisations to familiarise themselves with the threat and mitigation advice included in the advisory to help defend their networks,” emphasized Paul Chichester.

Recommended actions include enhanced monitoring, using multi-factor authentication with strong factors such as access keys, and promptly applying security updates to manage vulnerabilities.

• Earlier, Reuters reported that the messaging platform TeleMessage, through which former U.S. National Security Advisor Mike Waltz communicated, was hacked. The attacker may have accessed data of over 60 officials from Donald Trump’s administration.