UK exposes Russian hacking unit targeting air traffic systems and Western defences

Posted by. Posted onMay 21, 2025 Comments0
Binary code displayed on a laptop screen and binary code displayed on a screen are seen in this multiple exposure illustration photo taken in Krakow, Poland on September 27, 2022. (Photo by Jakub Porzycki/NurPhoto via Getty Images)
Hackers have been infiltrating Western tech and logistics since the start of 2022 (Picture: NurPhoto)

Britain and its allies has exposed a major Russian state-sponsored cyber campaign going as far as the beginning of 2022.

The military intelligence service (GRU) have been targeting anything and everything to do with getting support to Ukraine – from tech and logistics firms to airports and air traffic control, and cameras.

Basically, if it moves – and assists Ukraine in the war – the Kremlin is on to it.

Paul Chichester, from the UK National Cyber Security Centre (NCSC) said: ‘This malicious campaign by Russia’s military intelligence service presents a serious risk to targeted organisations, including those involved in the delivery of assistance to Ukraine.’

His warning came in a joint statement with other Nato members, all urging organisations to secure their systems.

He added: ‘We strongly encourage organisations to familiarise themselves with the threat and mitigation advice included in the advisory to help defend their networks.’

The US, Germany, the Czech Republic, Poland, Australia, Canada, Denmark, Estonia, France and the Netherlands have all reported interference.

Russia targets 10,000 cameras

More specifically, some of the targets were internet-connected cameras at Ukrainian borders.

A joint report released by the UK and its allies said that the Russian military intelligence unit monitored shipments of aid going into the country.

Around 10,000 cameras were infiltrated near ‘military installations, and rail stations, to track the movement of materials into Ukraine.’

‘Actors also used legitimate municipal services, such as traffic cams,’ the report added.

Hackers identified as elite GRU Unit 26165

GRU Unit 26165 – also known as Fancy Bear, Forest Blizzard and BlueDelta – has been identified as the culprit.

It is one of Russia’s most famous hacking squads.

They are not some teenagers in a basement – they are elite, well-funded, and their orders come all the way from the top in the Kremlin.

Members of the unit are credited with the targeting of anti-doping agencies and also the Olympics after Russian athletes were banned for doping, the Atlantic revealed back in 2018.

Russia ramps up espionage in 2022

In late February 2022, as the full-scale invasion of Ukraine was launched, multiple Russian state-sponsored cyber actors increased their operations for espionage, destruction, and influence – with Unit 26165 predominately involved in espionage.

The British government said in a statement: ‘As Russian military forces failed to meet their military objectives and Western countries provided aid to support Ukraine’s territorial defence, Unit 26165 expanded its targeting of logistics entities and technology companies involved in the delivery of aid.

‘These actors have also targeted Internet-connected cameras at Ukrainian border crossings to monitor and track aid shipments.’

Got a story? Get in touch with our news team by emailing us at webnews@metro.co.uk. Or you can submit your videos and pictures here.

For more stories like this, check our news page.

Follow Metro.co.uk on Twitter and Facebook for the latest news updates. You can now also get Metro.co.uk articles sent straight to your device. Sign up for our daily push alerts here.

Category

Leave a Comment