Russian APT28 harms Western logistics and IT companies to track Ukraine’s aid

Intelligence and cybersecurity agencies from 10 countries warned in a joint consultation that the Cyber ​​Growth Group operated by the Russian Military Intelligence Agency GRU has targeted logistics and IT companies for the past three years. Known as APT28 and Fancy Bear in the security industry, threat actors have been using various initial access strategies to launch attacks, including password spraying, contradictions and exploiting vulnerabilities in popular software.

“As the Russian army failed to meet its military goals, Western countries provided assistance to support Ukrainian territory defense, Unit 26165 [of the Russian GRU 85th GTsSS] “The targets of its logistics entities and technology companies that provide assistance are expanded. These participants are also targeting Internet-connected cameras at Ukrainian border crossings to monitor and track assistance transport,” the consultation said.

The targets include dozens of government organizations and commercial entities involved in the transport of air cargo. This includes defense industry companies, transportation and logistics companies, air traffic management agencies and IT services companies. Countries targeted are Bulgaria, Czech Republic, France, Germany, Greece, Italy, Moldova, Netherlands, Poland, Romania, Romania, Slovakia, Ukraine and the United States.