Cybersecurity leaders urged to strengthen defenses amid persistent espionage campaign from Russian GRU
A joint cybersecurity advisory issued by U.S., U.K., EU, and allied agencies warns of a sustained cyber espionage campaign by the Russian GRU’s 85th Main Special Service Center (Unit 26165). Since 2022, this group has actively targeted Western logistics and technology companies, specifically those offering foreign assistance to Ukraine.
The campaign employs a range of advanced tactics including brute-force attacks, spearphishing, malware delivery, and exploitation of software vulnerabilities (e.g., Outlook, Roundcube, WinRAR). Victims span multiple countries and sectors including air, sea, and rail transportation. These attackers have targeted entities within the following verticals: Defense Industry, Transportation and hubs (ports, airports, etc.), Maritime, Air Traffic Management, and IT Services.
Of note, GRU actors have used hacked IP cameras at border crossings and transport hubs to monitor shipments, combining traditional cyber techniques with physical surveillance. Their persistence mechanisms include scheduled tasks, malicious shortcuts, and credential harvesting to maintain long-term access and exfiltrate sensitive logistics data.
Organizations are urged to implement zero trust architectures, update and harden systems, monitor for known indicators of compromise, and apply recommended mitigation strategies.