GRU hacked border cameras to disrupt aid to Ukraine - The Guardian
A unit of the Russian GRU has gained access to CCTV cameras near border crossings, military facilities and railway stations in key European locations.
According to Censor.NET, The Guardian reports this with reference to British and European intelligence.
Britain and its allies accuse the GRU of hacking 10,000 cameras on borders, near military facilities and railway stations to monitor Ukraine. The GRU's 26165 unit is also accused of sending phishing emails with pornographic content or fake professional information, as well as using stolen passwords to access systems.
The unit - also known as APT 28 or Fancy Bear - has allegedly been conducting cyberattacks against public and private organisations in NATO countries since 2022.
In its warning, the UK's National Cyber Security Centre (NCSC), part of the Government Communications Centre, called on private companies involved in the delivery of aid to "take immediate action to protect themselves".
It is estimated that the perpetrators gained access to about 10,000 cameras located near military facilities and railway stations to track the movement of goods to Ukraine. 80% of them are located in Ukraine, and another 10% are in Romania.
It is noted that 4% of the hacked cameras were located in Poland, 2.8% in Hungary, and 1.7% in Slovakia. The locations of the remaining cameras are not disclosed. The hacking made it possible to obtain a screenshot of the camera images, the sources say.
Other attempts were also made to collect confidential information about the supply chain, including train schedules and shipping documents.
"In at least one instance, the actors attempted to use voice phishing to gain access to privileged accounts by impersonating IT staff," the statement, signed by ten countries, including the United States, France and Germany, says.
The report goes on to say: "The subjects of spearphishing emails were diverse and ranged from professional topics to adult themes. Phishing emails were frequently sent via compromised accounts or free webmail accounts. The emails were typically written in the target’s native language and sent to a single targeted recipient."
"This malicious campaign by Russia’s military intelligence service presents a serious risk to targeted organisations, including those involved in the delivery of assistance to Ukraine. The UK and partners are committed to raising awareness of the tactics being deployed. We strongly encourage organisations to familiarise themselves with the threat and mitigation advice included in the advisory," Paul Chichester, the NCSC’s director of operations, said.
The proposed measures include enhanced monitoring, multi-factor authentication with strong verification methods, including passkeys, and prompt installation of security updates to address vulnerabilities.
The advisory was drawn up with agencies from the US, Germany, Czech Republic, Poland, Australia, Canada, Denmark, Estonia, France and the Netherlands.
