The United Kingdom and ten allied nations have exposed a sophisticated Russian cyber campaign aimed at disrupting Western aid to Ukraine, according to reports from multiple sources on May 21-22, 2025 [1][2][3][4][5][6][7][8].

The UK's National Cyber Security Centre (NCSC), part of GCHQ, along with intelligence agencies from countries including the United States, France, and Germany, issued an advisory detailing the activities of Russian military intelligence unit GRU 26165, also known as Fancy Bear or APT28 [3][6].

According to the advisory, the Russian hackers have been targeting both public and private organizations in NATO member states since 2022, focusing on entities involved in coordinating and delivering aid to Ukraine [6][8].

Paul Chichester, Director of Operations at the NCSC, stated, "This malicious campaign by Russia's military intelligence service presents a serious risk to targeted organizations, including those involved in the delivery of assistance to Ukraine" [8].

The cyber campaign reportedly involved hacking into approximately 10,000 surveillance cameras, primarily located near border crossings, military installations, and railway stations [1][3]. The majority of these cameras (80%) were in Ukraine, with others in neighboring countries such as Romania (10%), Poland (4%), Hungary (2.8%), and Slovakia [1][4].

The hackers employed various methods, including:

Accessing private and municipal cameras to monitor aid shipments [4] Sending phishing emails containing pornography and fake professional information [6] Obtaining stolen account passwords to infiltrate systems [6] Exploiting Microsoft Exchange permissions [5]

The campaign targeted organizations in the government, defense, IT, and maritime sectors, with a particular focus on logistics entities coordinating aid to Ukraine [5][7].

In response to these revelations, the NCSC has called on private companies involved in aid delivery to "take immediate action to protect themselves" [6]. The coordinated disclosure by multiple nations underscores the international concern over Russia's cyber activities and their potential impact on support for Ukraine.

As the conflict in Ukraine continues, this cyber campaign highlights the evolving nature of modern warfare, where battles are fought not only on physical fronts but also in the digital realm. The exposure of these activities may prompt increased cybersecurity measures among aid organizations and NATO countries to safeguard the continued flow of assistance to Ukraine.