Intelligence and cybersecurity companies from 10 international locations has warned in a joint advisory {that a} cyberespionage group operated by the Russian army intelligence service, the GRU, has been focusing on logistics and IT firms for the previous three years. Identified within the security trade as APT28 and Fancy Bear, the risk actor has been launching assaults towards these targets utilizing a wide range of preliminary entry ways together with password spraying, spearphishing and exploitation of vulnerabilities in in style software program.
“As Russian army forces failed to fulfill their army aims and Western international locations supplied assist to assist Ukraine’s territorial protection, unit 26165 [of the Russian GRU 85th GTsSS] expanded its focusing on of logistics entities and expertise firms concerned within the supply of assist,” the advisory learn. “These actors have additionally focused Web-connected cameras at Ukrainian border crossings to observe and monitor assist shipments.”
The targets included dozens of presidency organizations and industrial entities concerned in items transportation on air, sea and rail. This included protection trade firms, transport and logistics firms, air visitors administration companies and IT companies corporations. The international locations focused have been Bulgaria, the Czech Republic, France, Germany, Greece, Italy, Moldova, the Netherlands, Poland, Romania, Slovakia, Ukraine and the US.