đź•’ Article read time: 3 minutes
Member warning: Logistics firms urged to protect themselves against Russian cyber attacks
UK and allies expose Russian intelligence campaign targeting western logistics and technology organisations.
Organisations are being urged to familiarise themselves with the threat and take immediate action to protect themselves.
- A Russian intelligence cyber campaign targeting organisations, including those involved in delivery of foreign assistance to Ukraine, has been revealed.
- Russia's malicious activity includes credential guessing, spear-phishing and exploiting Microsoft Exchange mailbox permissions, as well as targeting internet-connected cameras at Ukrainian border crossings and near military installations.
- UK organisations urged by GCHQ’s National Cyber Security Centre to familiarise themselves with the threat and take immediate action to protect themselves.
- It comes as the UK continues to ramp up pressure on Putin as Russia continues its invasion of Ukraine.
The UK government and international allies have exposed Russia’s military intelligence service for a campaign of malicious cyber activity against western logistics entities and technology companies.
Nigel Smart, Director of IT and Development at Logistics UK, said: “Over the past few years, we have seen increasingly sophisticated techniques being used by cyber criminals, both domestically and internationally, to target organisations across the UK economy.
"This latest advisory from NCSC and partner agencies reveals that our sector is far from immune to these attacks. It is therefore paramount that we are doing all we can to strengthen the cyber resilience of our supply chains and make sure all organisations across our sector, from the smallest to the largest, have the necessary tools and knowledge to protect themselves and bolster their cyber defences.
“At Logistics UK, we are proud to be a National Ambassador for the National Cyber Resilience Centre Group (NCRCG) – a collaboration between policing, government, academia and large organisations – working to embed cyber resilience throughout the UK economy, and specifically to support those smaller organisations who too often bear the brunt of cyber crime.
"This news has proven just how important our work with NCRCG is and that we need to continue to drive forward our collective efforts at pace. I encourage any SME looking for guidance on their cyber resilience to contact their regional, police-led Cyber Resilience Centre.”
In a new advisory, the UK's National Cyber Security Centre – a part of GCHQ – and partners from 10 countries have revealed details about how military unit 26165 of Russia’s GRU has conducted a malicious cyber campaign against both public and private organisations since 2022.
This has included targeting of organisations involved in the co-ordination, transport and delivery of support to Ukraine, and across the defence, IT services, maritime, airports, ports and air traffic management systems sectors in multiple NATO members.
Unit 26165 – also known as APT 28 – was able to gain initial access to victim networks using a mix of previously disclosed techniques, including credential guessing, spear-phishing and exploitation of Microsoft Exchange mailbox permissions. They also targeted internet-connected cameras at Ukrainian border crossings and near military installations to monitor and track aid shipments to Ukraine.
Supporting UK organisations to stay resilient to cyber threats is helping to secure the foundations for the government’s Plan for Change in a more volatile and unstable world. Along with details of the threat, the advisory includes mitigation advice to help defend against the malicious activity.
Paul Chichester, NCSC Director of Operations, said: "This malicious campaign by Russia’s military intelligence service presents a serious risk to targeted organisations, including those involved in the delivery of assistance to Ukraine.
"The UK and partners are committed to raising awareness of the tactics being deployed. We strongly encourage organisations to familiarise themselves with the threat and mitigation advice included in the advisory to help defend their networks. "Executives and network defenders at technology and logistics companies should recognise the elevated threat of targeting and take immediate action to protect themselves."
Actions include increasing monitoring, using multi-factor authentication with strong factors – such as passkeys – and ensuring security updates are applied promptly to manage vulnerabilities.
The NCSC has co-sealed this advisory alongside agencies from the United States, Germany, Czech Republic, Poland, Australia, Canada, Denmark, Estonia, France and the Netherlands.
Read the advisory in full on the NSA's website.
Published On: 22/05/2025 15:00:00
Comments Section
If you are a Logistics UK member login to add comments.
