Hackers linked to Russian military intelligence have intensified a covert cyber campaign targeting Western defence and logistics firms supporting Ukraine, exploiting vulnerabilities to monitor aid shipments via surveillance cameras across multiple countries, a new NSA report reveals.
Hackers affiliated with Russian military intelligence have initiated a sophisticated cyber campaign targeting Western technology and logistics firms involved in providing assistance to Ukraine. According to a report from the U.S. National Security Agency (NSA), which was released recently, these hackers aim to gather intelligence on both military and humanitarian shipments entering Ukraine. The operation, which began in 2022, saw attempts to infiltrate various sectors including defence, transportation, and logistics across multiple Western nations, not merely limiting their focus to the United States.
The scale of these assaults is alarming: over 10,000 internet-connected cameras in and around Ukraine, as well as in neighbouring countries like Romania and Poland, have been targeted. The hackers sought access to surveillance feeds from these cameras, strategically located at critical transportation points such as ports, rail hubs, and border crossings. This initiative underscores a broader Russian strategy to closely monitor the flow of aid, which has been substantial since the conflict erupted in 2022, as Western allies ramped up their support for Ukraine.
Notably, the NSA report did not specify the precise types of assistance that were the subject of this surveillance, but analysts contend that any insights gained could significantly enhance Russian operational strategies in the region. For instance, cybersecurity expert Grant Geyer, Chief Strategy Officer at Claroty, asserted that the hackers’ efforts provide them with a detailed understanding of logistical operations: “They have done detailed targeting across the entire supply chain to understand what equipment is moving, when and how—whether it’s by aircraft, ship, or rail.” This information could potentially aid in future planning for military operations or cyber offensives against the aid supply chains.
The technique employed by these Russian operatives involved classic cyber tactics such as spear phishing, where messages designed to look legitimate trick individuals into divulging sensitive information or downloading harmful software. These attacks also exploited vulnerabilities commonly found in home and small office networks, which generally possess weaker security protections compared to larger, more robust systems. As established in previous advisories, organizations involved in the logistics of aid must be particularly vigilant given these ongoing threats.
Officials have linked these cyber operations to a well-known Russian military intelligence unit, often referred to as “Fancy Bear,” notorious for its previous campaigns targeting Western interests. This group’s choice of targets reflects a calculated decision to undermine support structures for Ukraine, potentially aiming to disrupt vital supplies and communications.
In light of these threats, the NSA, in conjunction with the FBI and allied security agencies, has issued warnings to companies involved in aid logistics, advising that they prepare for potential targeting by these Russian hackers. A joint statement from the United Kingdom and NATO allies further emphasized the risks, calling on organisations to bolster their cybersecurity measures in response to this sustained campaign.
As the situation continues to evolve, the implications of these cyber operations are profound, raising critical concerns about the security of critical infrastructure essential for supporting Ukraine’s resistance against Russian aggression. The indefinite nature and resilience of these cyber threats underscore the necessity for ongoing vigilance and proactive security measures in a landscape where digital warfare and physical conflicts increasingly intersect.
In summary, while the report provides chilling insights into the tactics and strategies of Russian cyber intelligence, it also serves as a reminder of the vulnerabilities that still exist in critical sectors providing support not just to Ukraine, but to the integrity of Western alliances themselves.
Reference Map
- Paragraph 1: [1], [2]
- Paragraph 2: [1], [2]
- Paragraph 3: [1], [2], [6]
- Paragraph 4: [1], [2]
- Paragraph 5: [1], [3]
- Paragraph 6: [1], [3]
- Paragraph 7: [1], [3]
- Paragraph 8: [1], [3]
Source: Noah Wire Services
- https://m.belfasttelegraph.co.uk/news/world-news/russian-hackers-hit-western-firms-sending-aid-to-ukraine-us-intelligence-says/a1178893146.html – Please view link – unable to able to access data
- https://apnews.com/article/6308ca3e11c8299470df573e4f422878 – Hackers affiliated with Russian military intelligence have been targeting Western technology, logistics, and transportation firms involved in aiding Ukraine, according to a report by the U.S. National Security Agency (NSA). The cyber campaign, starting in 2022, sought to obtain intelligence on military and humanitarian aid shipments to Ukraine. Tactics included spearphishing and exploiting vulnerabilities in small office and home networks to access data and internet-connected cameras near Ukrainian borders and other key transit points across Eastern and Central Europe. Over 10,000 such cameras were targeted. The hackers, linked to the well-known group ‘Fancy Bear,’ aimed to gain a granular understanding of the movement and logistics of aid deliveries, potentially to enhance Russian war strategies or plan further disruptions. The NSA, along with the FBI and allied intelligence agencies, warned companies involved in aid logistics to remain vigilant. While details on the success of the breaches remain undisclosed, officials emphasized the significance of these operations and urged heightened cybersecurity measures across vulnerable sectors. ([apnews.com](https://apnews.com/article/6308ca3e11c8299470df573e4f422878?utm_source=openai))
- https://www.reuters.com/world/uk-allies-warn-russian-cyber-activity-targeting-support-ukraine-2025-05-21/ – On May 21, 2025, the United Kingdom and its allies, including the United States, France, and Germany, issued a joint advisory warning about a Russian state-sponsored cyber campaign. The campaign, reportedly orchestrated by Russia’s military intelligence service, is targeting organizations that are involved in the delivery of support to Ukraine. Additionally, it affects Western logistics, defense, IT services, and critical infrastructure sectors such as maritime, airports, ports, and air traffic management systems across multiple NATO member countries. Paul Chichester, Director of Operations at the UK’s National Cyber Security Centre (NCSC), emphasized the serious risk posed to these organizations. The advisory urges affected entities to understand the nature of the threat and to implement recommended cybersecurity measures to defend their networks against potential cyberattacks. ([reuters.com](https://www.reuters.com/world/uk-allies-warn-russian-cyber-activity-targeting-support-ukraine-2025-05-21/?utm_source=openai))
- https://www.reuters.com/world/us-suspends-some-efforts-counter-russian-sabotage-trump-moves-closer-putin-2025-03-19/ – The Trump administration has suspended numerous U.S. national security efforts designed to counter Russian sabotage, disinformation, and cyberattacks. These measures were initially put in place by former President Joe Biden’s administration in response to intelligence warnings about Russia’s escalating shadow war against Western nations. President Donald Trump’s administration, in contrast, has downscaled coordination between various U.S. agencies along with European allies, significantly impacting ongoing efforts. The suspension comes amid Trump’s attempt to improve relations with Russia, particularly to encourage an end to the war in Ukraine. This move has prompted concerns among security officials about the de-prioritization of monitoring Russia’s hybrid warfare tactics, which have previously included arson, assassinations, and cyber operations. Efforts to combat and monitor Russia’s actions are now uncertain, raising alarms about the potential risk to U.S. and European security. ([reuters.com](https://www.reuters.com/world/us-suspends-some-efforts-counter-russian-sabotage-trump-moves-closer-putin-2025-03-19/?utm_source=openai))
- https://www.lemonde.fr/en/pixels/article/2024/04/17/how-sandworm-russia-s-elite-hackers-attacked-a-small-mill-instead-of-dam-they-targetted_6668731_13.html – On March 2, CyberArmyofRussia_Reborn falsely claimed responsibility for hacking the Courlon-sur-Yonne hydroelectric power plant in France. However, they actually breached a small mill in Courlandon. The hackers manipulated software to release water, lowering the downstream water level by 20 centimeters. CyberArmyofRussia_Reborn, a channel controlled by the Russian elite hacking unit Sandworm, uses exaggerated claims to enhance the perceived potency of their cyber operations. Sandworm, a major player in Russian cyber military tactics, has targeted water management infrastructures in allied countries, including the U.S. and Poland, to potentially cause significant damage. They have a history of such operations, including attacks on Ukraine’s power grid and involvement in political espionage like MacronLeaks. Their recent activities raise concerns about the security of critical infrastructures ahead of significant events like the Paris Olympic Games. ([lemonde.fr](https://www.lemonde.fr/en/pixels/article/2024/04/17/how-sandworm-russia-s-elite-hackers-attacked-a-small-mill-instead-of-dam-they-targetted_6668731_13.html?utm_source=openai))
- https://apnews.com/article/fb41bfccbbe7aaecd10a0a93905d4c8a – A Russian hacking group known as Star Blizzard, linked to the Federal Security Service (FSB), targeted Western think tanks, journalists, and former military and intelligence officials with sophisticated spear phishing attacks, aiming to steal information and disrupt operations. On Thursday, a U.S. court authorized the seizure of over 100 website domain names used by the hackers, following efforts by Microsoft and the Department of Justice. Star Blizzard’s activities included targeting civil society groups, U.S. companies, American military contractors, and the Department of Energy. Authorities expect Russia to continue deploying cyberattacks against the U.S. and its allies. The hacking group has also targeted groups in Europe and NATO countries, especially those supporting Ukraine. Despite past actions resulting in U.S. charges against two Russian men, both remain in Russia. The Russian Embassy in Washington did not immediately respond to requests for comments. ([apnews.com](https://apnews.com/article/fb41bfccbbe7aaecd10a0a93905d4c8a?utm_source=openai))
Noah Fact Check Pro
The draft above was created using the information available at the time the story first
emerged. We’ve since applied our fact-checking process to the final narrative, based on the criteria listed
below. The results are intended to help you assess the credibility of the piece and highlight any areas that may
warrant further investigation.
Freshness check
Score:
9
Notes:
The narrative is recent, with the Belfast Telegraph article published on May 22, 2025. The earliest known publication date of substantially similar content is May 21, 2025, by Reuters. The report is based on a press release from the U.S. National Security Agency (NSA), which typically warrants a high freshness score. No significant discrepancies in figures, dates, or quotes were found. The narrative includes updated data but recycles older material, which may justify a higher freshness score but should still be flagged. ([reuters.com](https://www.reuters.com/world/uk-allies-warn-russian-cyber-activity-targeting-support-ukraine-2025-05-21/?utm_source=openai))
Quotes check
Score:
8
Notes:
The direct quote from Grant Geyer, Chief Strategy Officer at Claroty, appears in earlier material, indicating potential reuse. The wording matches previous reports, suggesting the quote has been recycled. No online matches were found for other direct quotes, raising the score but flagging them as potentially original or exclusive content.
Source reliability
Score:
7
Notes:
The narrative originates from the Belfast Telegraph, a reputable organisation. However, the report is based on a press release from the NSA, which typically warrants a high reliability score. The mention of Grant Geyer, Chief Strategy Officer at Claroty, is verifiable online, indicating the information is credible.
Plausability check
Score:
9
Notes:
The claims align with known Russian cyber activities targeting Western firms involved in aiding Ukraine. The NSA’s involvement and the mention of Grant Geyer, a known cybersecurity expert, add credibility. The language and tone are consistent with official reports, and the structure is focused on the claim without excessive or off-topic detail.
Overall assessment
Verdict (FAIL, OPEN, PASS): PASS
Confidence (LOW, MEDIUM, HIGH): HIGH
Summary:
The narrative is recent and based on a press release from the NSA, indicating high freshness and reliability. The direct quote from Grant Geyer appears in earlier material, suggesting potential reuse. However, the overall content is plausible, with verifiable sources and consistent language and tone.
