Russian hackers target Western firms shipping aid to Ukraine, US intelligence says

WASHINGTON — Hackers working for Russian military intelligence targeted Western technology and logistics companies involved in shipping assistance to Ukraine, the U.S. National Security Agency said.

The hackers were trying to obtain details about the type of assistance entering Ukraine and, as part of the effort, sought access to the feeds of internet-connected cameras near Ukrainian border crossings, according to the NSA's report on the cyberattack, which was issued late Wednesday.

The cyber campaign sought to penetrate defense, transportation and logistics companies in several Western countries, including the U.S., as well as ports, airports and rail systems. The report didn't specify which types of aid Russia was surveilling, but Ukraine's allies have contributed significant amounts of military and humanitarian assistance since the war began.

More than 10,000 internet-connected cameras were targeted, including private devices and public traffic cameras near critical transportation points, such as ports, rail hubs or border crossings. Most were in Ukraine, though some were in Romania, Poland and other eastern or central European countries.

Officials did not disclose details about the hackers' success or how long they remained unnoticed. The activity detailed in the report began in 2022, the same year that Russia invaded Ukraine.

Russia is expected to continue its efforts to spy on aid shipments, and companies involved in aid logistics or shipments should be on guard, according to the report, which was issued jointly by the NSA, the FBI and security agencies in several allied nations.

''To defend against and mitigate these threats, at-risk entities should anticipate targeting,'' the NSA said.

Authorities linked the activity to a Russian military intelligence unit dubbed ''Fancy Bear'' that is well known for its past campaigns targeting the U.S. and its allies.

The hackers used a variety of tactics to gain access, including spearphishing, which involves sending authentic-looking messages to a potential victim that contain links to harmful software or requests for sensitive information.

The Russian team also exploited security vulnerabilities in computer devices used at small and in-home offices, networks that often lack the security measures found in larger systems.

The hackers didn't use particularly innovative techniques, according to Grant Geyer, chief strategy officer at the cybersecurity company Claroty. Nevertheless, the sprawling yet carefully orchestrated effort gives the Russians a ''granular understanding'' of the aid sent to Ukraine, he said.

''They have done detailed targeting across the entire supply chain to understand what equipment is moving, when and how — whether it's by aircraft, ship or rail,'' Geyer said.

Russia could use the information it obtained to hone its war planning, Geyer said, or to plot further cyber or physical attacks on the supply chain to Ukraine.

Last fall, U.S. intelligence officials issued a public bulletin directing American defense companies and suppliers to increase security precautions following several acts of sabotage in Europe that officials have blamed on Russia.

The Russian Embassy in Washington didn't immediately respond to messages seeking comment.