Western Countries Reveal Major Russian Cyber-Espionage Campaign

In a joint statement released on Wednesday, eleven Western countries have accused a notorious Russian military intelligence hacking group of carrying out a major cyber-espionage campaign targeting defense, transport, and tech firms involved in helping Ukraine. The United States, the United Kingdom, Germany, the Czech Republic, Poland, Australia, Canada, Denmark, Estonia, France, and the Netherlands have all signed onto the statement, which details the activities of Unit 26165, a Russian military intelligence service known in the cybersecurity world as "Fancy Bear".

The Western countries claim that Unit 26165 has been carrying out this campaign for more than two years, using a variety of tactics including targeted scam emails and stolen passwords. The hackers have gone after government organizations and private companies in the defense, transport, maritime, air traffic management, and IT sectors, with organizations from these industries based in Bulgaria, the Czech Republic, France, Germany, Greece, Italy, Moldova, the Netherlands, Poland, Romania, Slovakia, Ukraine, and the U.S. being targeted.

The Western countries explicitly linked the cyber campaign to Russia's war in Ukraine, saying that the attacks ramped up after February 2022. As Russian forces "failed to meet their military objectives and Western countries provided aid to support Ukraine's territorial defense, Unit 26165 expanded its targeting of logistics entities and technology companies involved in the delivery of aid," they said.

Multiple Russian hacking groups increased their activity at that time, but Unit 26165 focused on espionage — including targeting internet-connected cameras at Ukrainian border crossings and at least one organization involved in railway industrial control systems — the Western countries said Wednesday. This is not the first time that Unit 26165 has been accused of carrying out cyber-attacks.

It has previously been sanctioned by the EU for hacking the German Bundestag in 2015, and has also been tied to hacks of the U.S. Democratic National Committee in 2016, as well as email accounts belonging to then-Chancellor Olaf Scholz's Social Democratic Party in 2022 and 2023. More recently, France accused it of orchestrating cyberattacks on President Emmanuel Macron's 2017 election campaign.

The joint statement from the Western countries serves as a stark reminder of the significant threat posed by Russian state-sponsored hacking groups to global security. As tensions between Russia and the West continue to escalate, it is clear that cyber-attacks will remain a key area of conflict in the years to come.