Russian GRU Cyber Campaign Targets Western Logistics Firms Supporting Ukraine

The Cyber Express, Apr 17, 2026

Why It Matters

Disrupting logistics and supply‑chain visibility hampers Ukraine’s aid flow and exposes critical transport data, making the campaign a strategic priority for both national security and commercial risk management.

Key Takeaways

  • GRU Unit 26165 targets logistics firms aiding Ukraine.
  • Attackers exploit CVE‑2023‑23397, CVE‑2023‑38831, and Roundcube flaws.
  • Spearphishing emails mimic government sources in victims’ native languages.
  • Compromised IP cameras monitor aid movement at border crossings.
  • Agencies urge MFA, patching, and supply‑chain threat monitoring.

Pulse Analysis

The Russian General Staff Main Intelligence Directorate’s Unit 26165 has expanded its cyber‑espionage footprint beyond traditional political targets, homing in on Western logistics operators that facilitate humanitarian aid to Ukraine. Since early 2022, the group has built a multi‑layered intrusion chain that begins with credential‑guessing and spear‑phishing campaigns crafted in the recipient’s language, often impersonating government agencies. Once footholds are gained, the actors weaponize publicly disclosed vulnerabilities—most notably Outlook’s CVE‑2023‑23397 and WinRAR’s CVE‑2023‑38831—to move laterally, exfiltrate shipment data, and establish persistence with custom malware such as HEADLACE and MASEPIE.

A distinctive element of this campaign is the targeting of internet‑connected IP cameras positioned at border crossings, rail stations, and military facilities. By exploiting weak default credentials and unsecured RTSP services, GRU operators obtain live video feeds that reveal the timing and routes of aid convoys. This physical‑surveillance layer augments traditional cyber‑espionage, granting Russian intelligence a granular view of logistics flows that can be leveraged for both strategic disruption and propaganda. The convergence of network intrusion and real‑time video harvesting underscores the evolving hybrid threat landscape facing supply‑chain stakeholders.

For logistics firms and their technology partners, the advisory translates into a clear call to action. Implementing multi‑factor authentication, rigorously patching known CVEs, and tightening access controls on both corporate networks and IoT devices are essential first steps. Equally critical is the continuous monitoring of partner and supplier environments, as attackers frequently pivot through trusted relationships to expand their reach. As geopolitical tensions remain high, the persistence of GRU‑backed operations signals that robust, proactive cyber‑defense postures will be a competitive differentiator for companies operating in the high‑stakes arena of humanitarian logistics.
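The mitigations above can be turned into a concrete network check. As an added illustration, not code from the article or from the advisory it summarises, the following Python script runs two detection rules over constructed firewall connection records: it flags external hosts reaching RTSP (tcp/554) on the camera VLAN, the exposure the article describes, and internal hosts opening SMB (tcp/445) to external addresses, which is the known outbound signature of the Outlook flaw CVE‑2023‑23397 (the bug coerces Outlook into contacting an external SMB share, a mechanism the article itself does not spell out). The log format, the RFC 1918 address plan and the camera subnet 10.20.5.0/24 are assumptions made for the example.

```python
import ipaddress
import re

# Constructed firewall connection records for illustration (not from the advisory).
# Format: "<timestamp> src=<ip>:<port> dst=<ip>:<port> proto=<proto> action=<allow|deny>"
SAMPLE_LOG = """\
2026-04-17T08:01:12Z src=198.51.100.23:51544 dst=10.20.5.14:554 proto=tcp action=allow
2026-04-17T08:01:13Z src=198.51.100.23:51545 dst=10.20.5.15:554 proto=tcp action=allow
2026-04-17T08:02:40Z src=10.20.5.14:48211 dst=10.20.5.200:554 proto=tcp action=allow
2026-04-17T08:03:05Z src=10.10.7.33:49877 dst=203.0.113.9:445 proto=tcp action=allow
2026-04-17T08:03:06Z src=10.10.7.33:49878 dst=10.10.0.5:445 proto=tcp action=allow
2026-04-17T08:04:00Z src=192.0.2.77:40001 dst=10.20.5.16:554 proto=tcp action=deny
"""

LINE_RE = re.compile(r"src=(\S+):(\d+) dst=(\S+):(\d+) proto=\w+ action=(\w+)")

# Assumed address plan: RFC 1918 space is "internal"; cameras live on 10.20.5.0/24.
# Anything else (including the TEST-NET addresses above) is treated as external.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CAMERA_NET = ipaddress.ip_network("10.20.5.0/24")

def is_external(ip):
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)

def classify(line):
    """Return a (rule, subject, peer) finding for one log line, or None."""
    m = LINE_RE.search(line)
    if not m:
        return None  # unparseable line: skip it rather than abort the whole run
    src, _sport, dst, dport, action = m.groups()
    if action != "allow":
        return None  # denied sessions were already blocked; only allowed ones matter
    dport = int(dport)
    # Rule 1: an external host reached RTSP (tcp/554) on a camera -> feed is internet-exposed
    if dport == 554 and ipaddress.ip_address(dst) in CAMERA_NET and is_external(src):
        return ("rtsp_exposed", dst, src)
    # Rule 2: an internal host opened SMB (tcp/445) to an external address -> possible NTLM leak
    if dport == 445 and is_external(dst):
        return ("outbound_smb_external", src, dst)
    return None

def findings(log_text):
    """Run both rules over a whole log and return the findings in log order."""
    return [f for f in (classify(l) for l in log_text.splitlines()) if f]

if __name__ == "__main__":
    for rule, subject, peer in findings(SAMPLE_LOG):
        print(f"{rule}: {subject} <-> {peer}")
```

On the sample above the script reports two exposed cameras contacted from the same external address and one workstation talking SMB to an external host; the denied RTSP attempt and the internal SMB session are correctly ignored.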
