UK and allies expose Russian intelligence campaign targeting western logistics and technology organisations

The NCSC published a joint advisory informing of increased threats from Russian Intelligence campaigns.

The National Cyber Security Centre (NCSC) has co-authored a cyber security advisory in collaboration with counterparts from the United States, Germany, Czech Republic, Poland, Australia, Canada, Denmark, Estonia, France, and the Netherlands.

This advisory urges UK organisations to familiarise themselves with emerging cyber threats, particularly those linked to targeted campaigns orchestrated by Russian intelligence services.

The threat actor identified as GRU Unit 26165—also known as APT28—has been associated with advanced and persistent cyber operations. Their tactics include credential-guessing, spear-phishing, and exploitation of Microsoft Exchange mailboxes. According to the NCSC, the group has been actively targeting entities involved in logistics and transportation, particularly those supporting operations related to Ukraine, since at least 2022.

Paul Chichester, NCSC Director of Operations, has called on UK organisations to remain vigilant and take proactive steps to bolster their cyber defences. He recommends that organisations review the technical guidance provided in the advisory to mitigate the risks associated with these threats.

The advisory highlights technology and logistics sectors as particularly vulnerable. Organisations in these industries are strongly encouraged to enhance their cybersecurity posture by implementing measures such as increased network monitoring, deploying multi-factor authentication with robust factors, and ensuring all systems are up to date with the latest security patches.