Russians hacked border cameras to spy on Ukraine-bound aid

Russian military intelligence service GRU attempted to disrupt the flow of western aid to Ukraine by hacking into surveillance cameras positioned at key logistical points across Europe, The Guardian reported on 21 May. The claim was made in an advisory issued by the UK’s National Cyber Security Centre (NCSC), and supported by intelligence agencies from 10 other countries including the US, France, Germany, and Poland.

Known as APT 28 or Fancy Bear, GRU Unit 26165 is tied to Russian military intelligence and has led major cyber operations. These include leaking World Anti-Doping Agency data and the 2016 attack on the Democratic National Committee. It typically employs spearphishing and malware.

Unit 26165 is alleged to have infiltrated cameras located at rail stations, military installations, and border crossings. According to the advisory, “unit 26165 actors likely used access to private
cameras at key locations […] to track the movement of materials into Ukraine.” The advisory also states that they “used legitimate municipal services, such as traffic cams.”

Scale of hacked surveillance systems

Roughly 10,000 cameras were reportedly accessed during the operation. Of these, 80% were located in Ukraine, 10% in Romania, 4% in Poland, 2.8% in Hungary, and 1.7% in Slovakia. The location of the remaining targeted cameras was not disclosed. The NCSC said the intrusion gave the GRU access to “snapshots” of camera images showing material movements.

Russia behind multiple cyberattacks on French institutions that have escalated since 2021, says Paris

Additional cyber tactics deployed

Beyond accessing surveillance cameras, the advisory states that GRU operatives also sought sensitive logistics data, including train timetables and shipping manifests. They used spearphishing emails – phishing messages highly personalized for a specific organization – that featured adult material or fake professional content, often sent through hijacked or free email services.

Targeted organizations and UK’s warning

The targets included public and private organizations involved in delivering military and humanitarian aid to Ukraine. Paul Chichester, director of operations at the NCSC, said:

“This malicious campaign by Russia’s military intelligence service presents a serious risk to targeted organisations, including those involved in the delivery of assistance to Ukraine.”

Read also

You could close this page. Or you could join our community and help us produce more materials like this. We keep our reporting open and accessible to everyone because we believe in the power of free information. This is why our small, cost-effective team depends on the support of readers like you to bring deliver timely news, quality analysis, and on-the-ground reports about Russia's war against Ukraine and Ukraine's struggle to build a democratic society. A little bit goes a long way: for as little as the cost of one cup of coffee a month, you can help build bridges between Ukraine and the rest of the world, plus become a co-creator and vote for topics we should cover next. Become a patron or see other ways to support. Become a Patron!