Free Trial

Russian hackers target Western firms shipping aid to Ukraine, US intelligence says

In this photo provided by Ukraine's 65th Mechanized Brigade press service, Ukrainian servicemen practice at the military training ground in the Zaporizhzhia region, Ukraine, Thursday, May 22, 2025, (Andriy Andriyenko/Ukraine's 65th Mechanized Brigade via AP)

Key Points

  • U.S. intelligence says hackers working for Russian military intelligence unit Fancy Bear targeted Western technology and logistics firms involved in shipping aid to Ukraine to obtain details on the type and timing of assistance entering the country.
  • More than 10,000 internet-connected cameras—including private devices and public traffic cameras at ports, rail hubs and border crossings in Ukraine and neighboring countries—were targeted for surveillance.
  • The campaign, active since 2022, used spear-phishing and exploited vulnerabilities in small office and home networks to gain access, providing Russia a granular view of the aid supply chain that could inform war planning or further attacks.
  • The NSA, FBI and allied agencies warn that Russia is likely to continue spying on aid shipments and advise at-risk logistics companies to anticipate targeting and strengthen cybersecurity defenses.
  • MarketBeat previews top five stocks to own in June.

WASHINGTON (AP) — Hackers working for Russian military intelligence targeted Western technology and logistics companies involved in shipping assistance to Ukraine, the U.S. National Security Agency said.

The hackers were trying to obtain details about the type of assistance entering Ukraine and, as part of the effort, sought access to the feeds of internet-connected cameras near Ukrainian border crossings, according to the NSA's report on the cyberattack, which was issued late Wednesday.

The cyber campaign sought to penetrate defense, transportation and logistics companies in several Western countries, including the U.S., as well as ports, airports and rail systems. The report didn’t specify which types of aid Russia was surveilling, but Ukraine’s allies have contributed significant amounts of military and humanitarian assistance since the war began.

More than 10,000 internet-connected cameras were targeted, including private devices and public traffic cameras near critical transportation points, such as ports, rail hubs or border crossings. Most were in Ukraine, though some were in Romania, Poland and other eastern or central European countries.

Officials did not disclose details about the hackers' success or how long they remained unnoticed. The activity detailed in the report began in 2022, the same year that Russia invaded Ukraine.

Russia is expected to continue its efforts to spy on aid shipments, and companies involved in aid logistics or shipments should be on guard, according to the report, which was issued jointly by the NSA, the FBI and security agencies in several allied nations.

“To defend against and mitigate these threats, at-risk entities should anticipate targeting,” the NSA said.

Authorities linked the activity to a Russian military intelligence unit dubbed “Fancy Bear” that is well known for its past campaigns targeting the U.S. and its allies.

The hackers used a variety of tactics to gain access, including spearphishing, which involves sending authentic-looking messages to a potential victim that contain links to harmful software or requests for sensitive information.

The Russian team also exploited security vulnerabilities in computer devices used at small and in-home offices, networks that often lack the security measures found in larger systems.

The hackers didn't use particularly innovative techniques, according to Grant Geyer, chief strategy officer at the cybersecurity company Claroty. Nevertheless, the sprawling yet carefully orchestrated effort gives the Russians a “granular understanding” of the aid sent to Ukraine, he said.

“They have done detailed targeting across the entire supply chain to understand what equipment is moving, when and how — whether it’s by aircraft, ship or rail,” Geyer said.

Russia could use the information it obtained to hone its war planning, Geyer said, or to plot further cyber or physical attacks on the supply chain to Ukraine.

Last fall, U.S. intelligence officials issued a public bulletin directing American defense companies and suppliers to increase security precautions following several acts of sabotage in Europe that officials have blamed on Russia.

The Russian Embassy in Washington didn't immediately respond to messages seeking comment.

Where Should You Invest $1,000 Right Now?

Before you make your next trade, you'll want to hear this.

MarketBeat keeps track of Wall Street's top-rated and best performing research analysts and the stocks they recommend to their clients on a daily basis.

Our team has identified the five stocks that top analysts are quietly whispering to their clients to buy now before the broader market catches on... and none of the big name stocks were on the list.

They believe these five stocks are the five best companies for investors to buy now...

See The Five Stocks Here

Elon Musk's Next Move Cover

Explore Elon Musk’s boldest ventures yet—from AI and autonomy to space colonization—and find out how investors can ride the next wave of innovation.

Get This Free Report
Like this article? Share it with a colleague.

Featured Articles and Offers

Recent Videos

NVIDIA Earnings Preview: HUGE Stock Move Ahead
These 5 Small Stocks Could Deliver Huge Returns
ACT FAST! Congress Is POURING Into This Stock

Stock Lists

All Stock Lists

Investing Tools

Calendars and Tools

Search Headlines