Russia hacked 10,000 cameras, mostly in Ukraine, to spy on military aid deliveries

The Guardian reports that Russia's military intelligence agency (GRU), in particular Unit 26165, known as APT28 or Fancy Bear, is accused of a large-scale cyberattack on video surveillance systems in Ukraine and the EU. According to the UK's National Cyber Security Centre (NCSC) and allies, the hackers gained access to around 10,000 cameras located at border crossings, railway stations and military installations in Poland, Romania, Hungary, Slovakia and Ukraine itself.
What is known
The Russian GRU's Unit 26165 (known as APT28 or Fancy Bear) has once again been involved in an international scandal. According to UK and allied intelligence, the hackers gained unauthorised access to approximately 10,000 CCTV cameras located near military installations, railway stations and border crossings to monitor the supply of military and humanitarian aid to Ukraine. Unit 26165 is already known for its cyberattacks, including the 2016 hacking of the US Democratic Party's servers and the leak of World Anti-Doping Agency data.
The numbers are staggering:
- 80% of the cameras were in Ukraine - that is, about 8000 devices.
- 10% were in Romania (1000 cameras).
- 4% - in Poland (approximately 400).
- 2.8% - in Hungary (280 cameras).
- 1.7% - in Slovakia (170 cameras).
The location of the remaining 150 cameras is currently unknown. It is believed that the attackers received an "instant snapshot" from each camera, i.e. one-time access to a single frame, without long-term video surveillance. However, even this is enough to assess the logistics and possible disruption of supplies.
Paul Chichester, Director of Operations at NCSC, said: "This malicious campaign by Russia’s military intelligence service presents a serious risk to targeted organisations, including those involved in the delivery of assistance to Ukraine".
In addition to camera hacking, the case involves phishing emails with questionable content, attempts to impersonate government officials and the theft of cargo logistics data. The reaction of the allies was immediate: the US, UK, Germany, and France called for stronger cyber defences on critical infrastructure.
The goal was to track and potentially impede the delivery of Western humanitarian aid to Ukraine. Alongside the camera hacking, the operators used phishing emails with adult content, fake professional credentials and voice calls impersonating officials, and attempted to access logistical information such as cargo manifests and train schedules.
This is one of Russia's largest and most sophisticated cyber operations against Ukraine's logistics support. Recommendations for protection: multi-factor authentication, network segmentation, IP camera firmware updates, VPN blocking, and monitoring of suspicious requests, in particular over RTSP (Real Time Streaming Protocol). RTSP is a network control protocol for remotely controlling streaming multimedia content, such as video from IP cameras or other streaming media servers. It allows a client, such as a player, to remotely start, stop, pause, and change other parameters of the data stream.
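One way to act on the RTSP monitoring recommendation, as an added example that is not taken from the article or from the NCSC advisory: a small reviewer that parses RTSP requests and flags the ones a camera operator would want to look at. The management subnet, the failure threshold, the alert rules and the sample events are all assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

# Assumptions for this example: the recorder/VMS subnet and the failure threshold.
ALLOWED_NETS = [ipaddress.ip_network("10.20.0.0/24")]
MAX_AUTH_FAILURES = 3
RTSP_METHODS = {"OPTIONS", "DESCRIBE", "SETUP", "PLAY", "PAUSE", "TEARDOWN",
                "GET_PARAMETER", "SET_PARAMETER", "ANNOUNCE", "RECORD"}

def parse_request(raw):
    """Return (method, url, headers) for an RTSP request, or None if it is not one."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or parts[0] not in RTSP_METHODS or not parts[2].startswith("RTSP/"):
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return parts[0], parts[1], headers

def review(events):
    """Return (source, reason) alerts for (source IP, raw request, status) events."""
    alerts, failures = [], Counter()
    for src, raw, status in events:
        parsed = parse_request(raw)
        if parsed is None:
            alerts.append((src, "non-RTSP data on the RTSP port"))
            continue
        method, _url, headers = parsed
        if not any(ipaddress.ip_address(src) in net for net in ALLOWED_NETS):
            alerts.append((src, f"{method} from outside the management subnet"))
        if headers.get("authorization", "").lower().startswith("basic "):
            alerts.append((src, "Basic auth (base64, not encrypted)"))
        if status == 401:
            failures[src] += 1
            if failures[src] == MAX_AUTH_FAILURES:
                alerts.append((src, "repeated authentication failures"))
    return alerts

# Constructed sample events: (source IP, raw request, response status).
CAM = "rtsp://10.20.1.14:554/stream1"
SAMPLE = [
    ("10.20.0.5", f'DESCRIBE {CAM} RTSP/1.0\r\nCSeq: 1\r\nAuthorization: Digest username="nvr"\r\n\r\n', 200),
    ("10.20.0.5", f"PLAY {CAM} RTSP/1.0\r\nCSeq: 2\r\nSession: 1234\r\n\r\n", 200),
    ("203.0.113.50", f"DESCRIBE {CAM} RTSP/1.0\r\nCSeq: 1\r\n\r\n", 401),
    ("203.0.113.50", f"DESCRIBE {CAM} RTSP/1.0\r\nCSeq: 2\r\nAuthorization: Basic Y29uc3RydWN0ZWQ=\r\n\r\n", 401),
    ("203.0.113.50", f"DESCRIBE {CAM} RTSP/1.0\r\nCSeq: 3\r\nAuthorization: Basic Y29uc3RydWN0ZWQ=\r\n\r\n", 401),
    ("10.20.0.9", "GET / HTTP/1.1\r\nHost: 10.20.1.14\r\n\r\n", 400),
]

if __name__ == "__main__":
    for alert in review(SAMPLE):
        print(alert)
```

In a real deployment the events would come from camera or recorder access logs or from a network sensor, and the allowed subnet would be the segment the cameras are confined to under the network segmentation recommendation.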
Source: The Guardian