Russia-Linked Hackers Target Western Companies Helping Ukraine, Say U.S. and Allies

As Russia continues its missile attacks on Ukraine, Russian hackers are stepping up their efforts to disrupt the companies helping Ukraine, according to a new cyber threat warning from the U.S. and its allies.

A Russian cyber group known as Fancy Bear has been focusing on logistics and tech companies that are involved in delivering aid to Ukraine. This warning was issued in a joint advisory on Wednesday by the U.S. and 10 allied countries including the U.K., Canada, Germany, and France.

The hackers have targeted defense contractors, transportation services, maritime companies, air traffic control systems, and IT service providers. They use several methods to break into systems — including cracking passwords, sending fake emails to steal login details, and exploiting weaknesses in programs like Microsoft Outlook.

The advisory says companies involved in shipping aid should be on high alert. Cybersecurity experts recommend that these businesses increase monitoring and watch for signs of a cyberattack. They also suggest that companies assume they are being targeted and take steps to protect themselves.

The hackers’ actions appear to be connected to earlier efforts to hack into internet-connected cameras near military bases and border crossings. These cameras may have helped Russia track the movement of aid into Ukraine.

In one case, the hackers stole login information to access sensitive details about trains, planes, and ships carrying aid to Ukraine — including routes and cargo.

Russia reportedly used malware called HEADLACE and MASEPIE, along with built-in Windows tools, to stay hidden in networks for long periods.

The joint warning from Western governments says this type of hacking is expected to continue.

Countries where organizations have been targeted include the U.S., Ukraine, Germany, France, the Netherlands, Poland, Italy, and several others in Europe.