The UK government and its international partners have exposed a long-running Russian cyber campaign aimed at disrupting logistics, defence, and technology organisations supporting Ukraine, according to a new advisory published by the National Cyber Security Centre (NCSC).

The campaign, attributed to Russia’s military intelligence agency GRU Unit 26165 – also known as APT28 – has been active since 2022 and has used techniques including spear-phishing, credential guessing, and the exploitation of Microsoft Exchange mailbox permissions to gain access to sensitive networks.

Targeted entities include companies and public bodies involved in the coordination and delivery of military and humanitarian aid to Ukraine, as well as broader sectors such as IT services, defence logistics, maritime, ports, air traffic management, and airports across multiple NATO countries.

The NCSC, part of GCHQ, issued the advisory in coordination with cybersecurity and intelligence agencies from ten allied nations, including the United States, France, Germany, Australia, and the Netherlands.

Paul Chichester, Director of Operations at the NCSC, said in the update: “This malicious campaign by Russia’s military intelligence service presents a serious risk to targeted organisations, including those involved in the delivery of assistance to Ukraine.”

“We strongly encourage organisations to familiarise themselves with the threat and mitigation advice included in the advisory to help defend their networks,” he added, warning executives and cyber security teams to “recognise the elevated threat of targeting and take immediate action to protect themselves.”

The GRU’s activity has also included surveillance of internet-connected cameras at Ukrainian border crossings and near military installations, in what officials believe was an effort to monitor aid shipments.

The exposure of the campaign comes as the UK intensifies pressure on Moscow. This week alone, the government announced 100 new sanctions targeting Russian military supply chains, energy networks, and financial institutions. The UK has committed £13 billion in military aid to Ukraine since the start of the conflict.

Mitigation advice in the advisory includes strengthening access controls using multi-factor authentication with strong credentials like passkeys, improving threat detection, and ensuring timely application of security patches.

The full advisory, co-signed by national cybersecurity agencies across Europe and North America, is available on the NSA’s website. It forms part of the UK’s broader effort to enhance national cyber resilience and reinforce support for Ukraine as Russia’s invasion continues.

George Allison
George has a degree in Cyber Security from Glasgow Caledonian University and a keen interest in naval and cyber security matters, and has appeared on national radio and television to discuss current events. George is on Twitter at @geoallison
