Latest news with #GRU
Yahoo
2 days ago
- Politics
- Yahoo
Russian-linked hackers target UK Defense Ministry while posing as journalists
Russian-linked hackers targeted U.K. Defense Ministry staff in an espionage operation while posing as journalists, Sky News reported on May 29, citing the British government. The cyber attack was detected and thwarted, the government said. Speaking to reporters at a government facility where a team had disrupted the Russian-backed operation, U.K. Defense Minister John Healey revealed the formation of a new cyber command tasked with managing both offensive and defensive cyber efforts. "The nature of warfare is changing," Healey said, according to Sky News. "The keyboard is now a weapon of war and we are responding to that." Western officials have warned about surging cases of Russian-linked cyberattacks and other hybrid operations, primarily targeting countries backing Ukraine against Russian aggression. Earlier this month, London accused Russia's military intelligence (GRU) of a cyber campaign targeting Western logistics and technology organizations involved in delivering foreign assistance to Ukraine. Similarly, the French Foreign Ministry accused a GRU-linked hacker unit of escalating cyberattacks against French ministries. Both Ukraine and Russia have also employed cyberwarfare as part of the full-scale war, targeting state institutions and companies providing critical services. The U.K. is part of the international IT Coalition supporting Ukrainian cybercapabilities.
Yahoo
2 days ago
- Business
- Yahoo
US, Allies Warn of Russian Cyber Campaign Targeting Western Logistics Firms
Top security agencies across the United States and several of its European allies issued a joint cybersecurity advisory calling attention to a Russian state-sponsored cyber campaign targeting Western logistics companies and technology firms. A unit of Russia's primary foreign military intelligence agency, the Russian General Staff Main Intelligence Directorate (GRU), has carried out the attacks on dozens of entities including those involved in the coordination, transport and delivery of aid to Ukraine. The GRU unit's cyber campaign has targeted government organizations and private/commercial entities across air, sea, and rail. Those identified include firms in the defense industry, transportation hubs such as ports and airports, the maritime industry, air traffic management and IT services. No companies have been explicitly named in the advisory. According to the report, the cyberattacks began escalating in late February 2022 at the start of Russia's invasion of Ukraine. Western logistics operates a minimal business footprint in Russia. Since the start of the Russia-Ukraine war, many Western companies ceased working with or severely limited their business with Russia, including logistics firms like Amazon, FedEx, UPS, DHL, Maersk, Hapag-Lloyd and CMA CGM. Countries with targeted entities include the U.S., Ukraine, Bulgaria, Czech Republic, France, Germany, Greece, Italy, Moldova, Netherlands, Poland, Romania and Slovakia.
The bad actors' cyber espionage-oriented campaign uses a mix of previously disclosed tactics, techniques and procedures (TTPs) including credential guessing, reconstituted password spraying capabilities, sending targeted 'spearphishing' emails including links to fake login pages, and modifying Microsoft Exchange mailbox permissions. The advisory urged at-risk organizations to recognize the 'elevated' threat, indicating that they should increase monitoring and threat hunting for known TTPs and indicators of compromise to defend against more potential cyberattacks. The security coalition listed recommendations for general security mitigations, including employing network segmentation and restrictions to limit access; considering verification-reliant 'zero trust' principles when designing systems; blocking logins from public VPNs; and collecting and monitoring Windows logs for certain events, especially for events that indicate that a log was cleared unexpectedly. Additional measures were recommended to mitigate against common credential theft techniques, including reducing reliance on passwords in favor of services like single sign-on, and using multi-factor authentication with strong factors like passkeys or encrypted smartcards. According to CrowdStrike's 2024 Threat Hunting Report, which measures cyberattacks taking place between July 2023 and June 2024, technology is the top sector by intrusion frequency. On a year-over-year basis, cyberattacks escalated 60 percent. As early as March 2022, the GRU also targeted Internet-connected cameras at Ukrainian border crossings, military installations and railroad stations to monitor and track aid shipments. Eighty-one percent of the targeted attempts were in Ukraine, while another 9.9 percent took place in Romania and 4 percent were in Poland.
The actors targeted real-time streaming protocol servers hosting the cameras in a large-scale campaign, which included attempts to enumerate devices and gain access to the cameras' feeds. To defend against this malicious activity, the advisory recommended applying security patches and firmware updates to all IP cameras, disabling remote access and using a firewall to prevent communication with the camera from IP addresses not on an allowlist. Organizations that co-authored the advisory include the National Security Agency (NSA) and the Federal Bureau of Investigation (FBI) in the U.S., the U.K.'s National Cyber Security Centre, as well as intelligence bureaus from Germany, Canada, Australia and France, among others. In March 2022, U.S. freight forwarder Expeditors International was hit by a cyberattack, forcing the company to temporarily halt operations for eight days. The company spent $65 million in extra costs related to the security breach. More recently, cyberattacks have been a thorn in the side of retailers, with Adidas confirming Tuesday that certain customer data was stolen through a third-party customer service provider. While the athleticwear and footwear seller said it took steps to contain the incident, the extent of the breach is unknown. Earlier this month, U.K.-based retailers including Harrods, Marks & Spencer and the Co-op Group experienced their own cyberattacks, with M&S suffering the biggest impact. Online shopping has been severely hampered at the retailer due to outages to its website that are expected to last into July. As a result, Marks & Spencer will take a profit hit in 2025 of around 300 million pounds ($404 million). Luxury sellers are not immune, with Dior confirming its own breach, in which unauthorized parties accessed data from customers in regions like South Korea and China. The breach primarily affected contact information, purchase history and preference data, but not bank details or credit card information.
Yahoo
3 days ago
- Politics
- Yahoo
Russia wages silent cyberwar on Western supply chains
Imagine someone sneaking into your house, not through the front door, but through your email, your Wi-Fi or even your smart doorbell camera. That's exactly the warning in a new cybersecurity report from U.S. and international intelligence agencies: Russian military hackers have been trying to break into the digital infrastructure of Western logistics and tech companies, particularly those helping Ukraine. The attackers are part of Russia's military intelligence agency, known as the Glavnoye Razvedyvatelnoye Upravlenie (GRU), and specifically a cyberunit called the 85th Main Special Service Center, also referred to as Unit 26165. In the cybersecurity world, this group is more infamously known as 'Fancy Bear,' 'APT28,' 'Forest Blizzard' or 'BlueDelta.' It represents years of tracking by threat researchers across the globe who've linked the group to some of the highest-profile cyberespionage campaigns in recent memory. What makes this group especially dangerous is its mission and method. Unlike common cybercriminals who are after credit card numbers or quick financial gain, GRU Unit 26165's goal is state-level espionage: to infiltrate, observe and manipulate critical digital systems that power economies and militaries. Think ports, air traffic systems, IT companies that manage cargo routing software and even the infrastructure behind customs clearance. These aren't just business targets, they're strategic assets in times of war. Since Russia's invasion of Ukraine in 2022, this cyberunit has gone into overdrive. As Western countries began ramping up military and humanitarian aid to Ukraine, the GRU focused its efforts on the logistics and tech companies that support those flows. It didn't just try to hack the governments sending the aid — it went after the entire digital infrastructure involved in getting it meant targeting trucking companies coordinating military cargo. It meant breaching email systems at port authorities and tracking aircraft manifests at airports. 
It meant going after companies that manage GPS routing, warehouse inventories and customs data. And, perhaps most disturbingly, it meant hijacking internet-connected security cameras. These weren't just casual attempts to spy. The GRU was actively compromising Real Time Streaming Protocol (RTSP) camera feeds at border crossings, railway stations and key road junctions across Ukraine and neighboring NATO countries. From there, it could watch real-time footage of trucks, trains or convoys delivering aid and supplies. The goal? Build a live picture of how support for Ukraine was physically moving through Europe and find ways to delay, reroute or sabotage it. According to the report on GRU tactics, one of the group's go-to methods is phishing, sending fake but convincing emails that lure people into clicking malicious links or entering passwords on forged login pages. These messages often look like they're from trusted sources, government agencies or well-known tech providers, and are often written in the target's native language. In many cases, the attackers use compromised small office or home office routers to host these fake pages, making them harder to the hackers get a foot in the door, the GRU uses malware, custom-built programs designed to spy, steal or quietly hijack systems. In this campaign, it deployed malware strains called HEADLACE and MASEPIE, which allowed GRU to collect passwords, intercept emails and maintain access over time. The group also exploited known software vulnerabilities, including critical flaws in Microsoft Outlook and other email platforms, which let it harvest login credentials through rogue calendar invites and in the popular file compression tool WinRAR. Each of these bugs opened a backdoor that allowed attackers to slip past defenses without setting off alarms. Once inside a network, GRU operatives moved methodically. 
They searched email inboxes for logistics details like shipping manifests, sender and recipient data, tracking numbers, transport routes, and cargo descriptions. They didn't just grab the data and leave. Instead, they set up camp, adjusting email permissions, enrolling compromised accounts in multifactor authentication (MFA) to deepen trust and quietly collecting sensitive information for weeks or even months. Their aim wasn't just access, it was prolonged invisibility. The GRU studied the tempo of global trade, mapping every point where aid or military equipment might flow. The report doesn't list all the victims, but it makes clear the U.S. wasn't spared. The attackers targeted logistics and technology companies across at least 13 countries, including the U.S., Germany, France, Poland and Ukraine. At the heart of it all is a simple truth: Cyberhygiene matters, and it starts with access. The report advises organizations to treat passwords like keys to the castle. That means ditching weak or reused credentials, banning the use of default logins and embracing MFA wherever possible, especially hardware-based MFA like smartcards or security tokens that are much harder to steal or spoof than SMS codes or app-based prompts. Even better, companies should begin moving away from passwords altogether, turning to more modern approaches, like single sign-on systems or certificate-based authentication, that reduce the chances of stolen credentials being used at all. 'Think about how many sticky notes are on desks or passwords that are shared through a quick [direct message]. It's 2025. It takes one second of compromise for every credential you ever sent to be a new attack vector that gets used against your customers and coworkers,' Garrett Allen, FreightTech expert and co-founder of LoadPartner, told FreightWaves. Beyond access, the report emphasizes the importance of watching every corner of your digital environment.
This isn't just about having antivirus software, it's about adopting a mindset of continuous surveillance. Network defenders should be logging who accesses what, flagging unusual login times or geographic anomalies, and tracking data movement across the system. The report suggests using automated tools that can help spot and shut down attackers before they move laterally or exfiltrate sensitive files. Then comes one of the most overlooked but essential defenses: updating software. Many of the techniques used by GRU hackers relied on known vulnerabilities, some of which had patches available for months or even years. This includes high-profile flaws in Microsoft Outlook, Roundcube and WinRAR, all of which were exploited to quietly gain entry. Organizations need a structured, enforced update policy that prioritizes high-risk systems and doesn't rely on manual updates or once-a-quarter maintenance windows. But the report goes further, urging companies to rethink their digital architecture entirely. It recommends segmenting networks so that if one part is breached, the attackers can't move freely throughout the system. Access should be granted based on role and necessity — email admins shouldn't have domainwide privileges, and vendor accounts should be tightly controlled and monitored. Organizations are also urged to filter traffic aggressively. That means using firewalls to block access to known malicious domains, disabling unnecessary remote services and watching for logins from public VPNs. Finally, businesses need to recognize that their supply chain partners could be their weakest link. Vendors, contractors and connected third parties must be held to the same cybersecurity standards, and their access to internal systems should be scrutinized. 'This makes me think about some of the legacy-to-modern bridges we have, like ELD aggregators holding credentials for thousands of carriers. What happens when one of those gets compromised?' said Allen.
Trust, in the digital realm, must be earned continuously. As the report makes painfully clear, sometimes the greatest danger isn't the hackers you know. It's the silent, overlooked connection that lets them walk right in. The post Russia wages silent cyberwar on Western supply chains appeared first on FreightWaves.
Yahoo
4 days ago
- Politics
- Yahoo
Latvia urges EU-wide halt to Russian visas over 'security concerns'
Latvia is calling on all EU member states to suspend the issuance of visas to Russian citizens, citing rising security threats from Moscow, Foreign Minister Baiba Braze announced on May 25. While some EU countries have restricted or halted visa issuance to Russian citizens, others have continued processing applications, keeping a legal pathway open for Russian travel to the bloc. "Latvia calls on the EU countries to halt visa issuance for Russian citizens, citing security concerns," Braze posted on X. She noted that the number of Schengen visas issued to Russian nationals increased by 25% in 2024 compared to the previous year. The Schengen visa allows holders to travel freely across 29 European countries for up to 90 days in any 180-day period, enabling short-term visits for tourism, business, or family reasons. Latvia imposed entry restrictions on Russian citizens in September 2022 as part of a joint agreement with Lithuania, Estonia, and Poland. Czechia implemented similar restrictions in October 2022. Concerns over the abuse of Schengen visas and diplomatic privileges have grown amid a wave of suspected Russian sabotage and espionage on EU soil. On April 15, Polish media outlet Rzeczpospolita reported that Poland and Czechia are leading a new effort to restrict the movement of Russian diplomats within the Schengen zone. The initiative, reportedly first proposed in Prague in late 2023, targets individuals alleged to be operating under diplomatic cover while serving Russian military intelligence (GRU) and other security services. EU intelligence and security agencies have warned of mounting Russian sabotage operations, including several arson attacks believed to have been coordinated by Moscow.


Metro
5 days ago
- Politics
- Metro
British missiles could soon be used against Putin deep into his own territory
Four Ukrainian allies have reportedly removed range restrictions on deadly weapons supplied to the country, in a major win against the Kremlin. German Chancellor Friedrich Merz has indicated Britain has removed all restrictions on the distance Ukraine can fire UK-supplied Storm Shadow missiles inside Russian territory. 'There are no longer any range restrictions on weapons supplied to Ukraine, neither by the British, nor by the French, nor by us. Nor by the Americans,' he said. 'This means that Ukraine can now also defend itself, including by attacking military positions in Russia, for example. It couldn't do that until a while ago…. Now it can.' Last year, Britain suggested its missiles could be used inside Russia, not only in the occupied areas of Ukraine. Today's announcement suggests the UK could soon allow Ukraine to strike even further into Russia. Chancellor Merz's remarks also suggest he might begin supplying German Taurus missiles to Ukraine – which have a range of around 310 miles, or double the UK's Storm Shadows. Despite the UK allowing the use of Storm Shadow missiles, there have been few uses by Ukraine. Some military sources have suggested the British and French don't have enough missiles to resupply Ukraine, which are 'running dry'. 'The last strike using these missiles was in early January 2025 – more than four months ago,' the source said. Chairman of the Russian parliamentary defence committee Andrey Kartapolov reacted furiously to the German Chancellor's suggestion, saying Ukraine was making a mistake if it kept fighting Russia on the advice of the West. In November, Ukraine began using British-supplied missiles to strike Russia for the first time. The US also announced that Ukraine could use American weapons to attack Russia around the same time.
But before the announcement that many Western countries would allow the use of long-range missiles to hit Russia, foreign intelligence warned that Russia would likely conduct 'lethal attacks' in retaliation. These range from arson and sabotage on facilities in Europe to potentially 'lethal' attacks on military bases in the United States and Europe. Officials have attributed previous acts of sabotage in Europe to Russia's military intelligence agency, the GRU. Russia has been able to orchestrate sabotage attacks within the UK while never setting foot on British soil. Last year, a British man was charged with plotting arson attacks on Ukraine-linked businesses in London after allegedly being recruited as a Russian spy. It took more than four hours for 60 firefighters to tackle a March 20 fire at the Staffa Road industrial estate – a Ukrainian-linked warehouse in east London. But as Russian expert Keir Giles told Metro earlier this month: 'There's no reason to think that after so many demonstrations of empty Russian threats, an extension of the use of missiles already in service would be the final straw that would trigger a suicidal response from the Kremlin.'