Russian Hackers Target Ukraine Aid Logistics Through Email and VPN Vulnerabilities
May 21, 2025
Cyber Espionage / Vulnerability
State-sponsored Russian cyber actors have been linked to a campaign focused on Western logistics and tech firms since 2022. This activity is attributed to APT28 (also known as BlueDelta, Fancy Bear, or Forest Blizzard), connected to the Russian GRU’s 85th Main Special Service Center, Military Unit 26165. Key targets include companies involved in the coordination and delivery of international aid to Ukraine, as highlighted in a joint advisory from agencies across Australia, Canada, Czechia, Denmark, Estonia, France, Germany, the Netherlands, Poland, the United Kingdom, and the United States. The bulletin notes that this cyber-espionage campaign employs a range of previously identified tactics and is likely linked to broader efforts aimed at IP cameras in Ukraine and neighboring NATO countries.