Russian cyberattacks endanger aid routes to Ukraine

As revealed by the British National Cyber Security Centre, Russian intelligence has been conducting cyberattacks on cameras located in strategic places since 2022. These hacker attacks target humanitarian organisations that are helping Ukraine.

According to the newspaper "The Guardian," Russian intelligence has hacked into about 400 cameras in Poland to disrupt the transport of humanitarian aid to Ukraine. The attacks targeted internet-connected cameras located at border crossings and near military installations. It is likely that both municipal and private cameras have been hacked.

The British National Cyber Security Centre (NCSC) disclosed that unit 26165 of the Russian GRU (Glavnoye Razvedyvatel'noye Upravleniye) has taken control of a total of 10,000 cameras in various countries since 2022.

The cyber campaign was targeted at humanitarian organisations

The actions of Russian intelligence may significantly weaken the effectiveness of humanitarian missions. Access to footage from cameras located near borders, logistics warehouses, or transport routes allows for tracking the movement of aid convoys. This poses a risk of their disruption, delay, or even deliberate targeting. Such operations effectively expand the field of warfare to the rear of military activities, striking at structures providing support to the civilian population. At the same time, they affect the security of critical infrastructure in states involved in helping Ukraine, indicating that humanitarian actions may also become a target of information and cyber warfare.

Russian intelligence employs phishing campaigns, among other methods

The activities of Russian intelligence were not limited to taking control of strategic cameras. Alongside acquiring footage from cameras, Russian services conducted a wide-ranging phishing campaign. Hackers distributed emails containing pornographic content or impersonated IT department employees, trying to obtain access credentials to internal systems. The goal of these actions was to gather information about train schedules and shipping documents that could facilitate tracking and potentially disrupting the transport of equipment or humanitarian aid. The scale and nature of the campaign show that Russia's cyber activities aim not only to gather information but also to disrupt the logistical support backing Ukraine.

Actions targeted at allied countries will continue

According to the report, Russian activities against Poland will continue, and targets will include, among others, Polish companies engaged in rail, maritime, and air transport, as well as the defence and IT sectors.

The Russians' repertoire also includes spearphishing, one of the most sophisticated forms of cyberattack. It is a precisely targeted phishing fraud. Unlike classic phishing, which is sent out en masse, spearphishing requires prior reconnaissance of the victim. Cybercriminals gather information about a particular person, institution, or organisation to create a credible message impersonating, for example, a colleague, superior, or trusted business partner. The goal is to trick the victim into clicking on a malicious link, downloading a file containing malware, or providing access credentials. Such attacks are harder to detect and, due to their personalisation, significantly more effective.

A warning against attacks has been issued by 10 NATO countries

According to a report published by the British National Cyber Security Centre (NCSC), Russian cyber operations were not limited to isolated incidents but constituted a wide-ranging campaign aimed at strategic sectors of NATO countries. The targets of the attacks included, among others, defence infrastructure, IT service companies, maritime transport, as well as key logistics hubs such as airports, ports, and air traffic management systems. The scale and scope of the activities indicate an attempt to disrupt the security and functioning of critical infrastructure elements in allied countries.

A warning about Russian attacks was issued by the United Kingdom together with Poland, the USA, Germany, the Czech Republic, Australia, Canada, Denmark, Estonia, France, and the Netherlands. NCSC announced increased network monitoring and updates to online security in the near future.