The UK accused a GRU unit, known as APT 28 or Fancy Bear, of attempting to hack around 10,000 surveillance cameras at border crossings, near military facilities, and railway stations in Ukraine and European countries, reports The Guardian. Russian intelligence services took this step to spy on Western aid flowing into Ukraine and disrupt its flow, claim UK intelligence services and their allies.
Of the total number of cameras, 80% were in Ukraine, 10% in Romania, 4% in Poland, 2.8% in Hungary, and 1.7% in Slovakia. The location of the remaining cameras is not specified.
According to the UK's National Cyber Security Centre (NCSC), since 2022, the GRU has been conducting a cyber campaign against government and private organizations in NATO countries. Hackers sent phishing emails with pornography, fake documents, and used stolen passwords to access systems. “The themes of the phishing emails were varied and ranged from professional topics to adult themes. Phishing emails were often sent through compromised accounts or free webmail accounts. The emails were generally written in the recipient's native language and sent to a single recipient,” the message states.
In some cases, they resorted to voice phishing, posing as IT specialists to gain access to privileged accounts. The targets of Russian intelligence services were logistics companies involved in delivering aid to Ukraine, as well as municipal services such as traffic cameras.
According to the agency, the hacks allowed hackers to obtain instant snapshots from cameras and collect data on train schedules and declared cargo.
In its advisory note, NCSC urged private companies involved in aid delivery to “take urgent protective measures.”