A coordinated international effort has exposed a Russian military intelligence operation aimed at disrupting arms deliveries to Ukraine, according to a joint statement released on Wednesday by several Western nations including the United Kingdom, United States, Canada, and multiple European states.
The UK’s National Cyber Security Centre (NCSC) confirmed the existence of the campaign, attributing it to Unit 26165 of the Russian military intelligence service (GRU). The operation, allegedly active since 2022, is said to have targeted both public and private sector entities involved in the transport and coordination of military assistance to Ukraine.
Cybersecurity authorities from eleven countries—including the United States, Canada, Germany, Poland, and Estonia—took part in the investigation. They report that the Russian cyber campaign extended beyond military supply chains and affected a wide array of sectors. These include defence industries, information technology services, maritime logistics, airports, seaports, and air traffic management systems across multiple NATO member states.
The joint statement noted that the campaign’s specific focus was on organisations involved in the coordination, transportation, and delivery of aid to Ukraine. Russian hackers are reported to have exploited software vulnerabilities and gained access to internal networks of logistics departments. In certain instances, they were able to breach surveillance systems at border crossings into Ukraine, as well as near military installations.
No further public details were provided regarding the full extent of the operation or the potential operational damage caused. However, the revelation underscores a sustained Russian effort to obstruct the delivery of Western military assistance to Kyiv.
The latest disclosure adds to a growing catalogue of reported cyber incidents linked to Russian actors since the launch of the full-scale invasion of Ukraine in February 2022. Throughout 2024 alone, cyberattacks were reported against German and Czech institutions, both of which have been active in supporting Ukraine militarily and diplomatically.
Earlier this year, the United States issued indictments against six Russian nationals accused of participating in large-scale cyber operations. The suspects are alleged to have conducted cyberattacks against Ukrainian infrastructure and NATO member states in the period leading up to the Russian invasion.
Western intelligence services have long warned of the GRU’s capacity for offensive cyber operations. Unit 26165, also known by the aliases APT28 or Fancy Bear in cybersecurity nomenclature, has been previously linked to high-profile attacks, including the 2016 breach of the Democratic National Committee in the United States.
Wednesday’s coordinated disclosure represents one of the most detailed public attributions against the GRU in connection with attempts to sabotage Ukraine’s military supply chain. It also reflects an increased level of international cooperation among cyber defence agencies seeking to deter further state-sponsored cyber activity originating from Russia.
While official sources have not disclosed specific incidents of disruption caused by this campaign, experts suggest the operations could be aimed at gathering intelligence, delaying deliveries, or undermining trust between Ukraine and its Western partners. Some cybersecurity analysts have also noted the use of hybrid tactics—combining cyber intrusions with disinformation—to target both logistical systems and public opinion.
The operation appears consistent with Moscow’s broader strategy to exploit digital vulnerabilities as a means of extending the battlefield beyond conventional combat zones. Since 2022, Ukraine and its allies have repeatedly warned of cyber threats aimed at critical infrastructure, particularly in relation to defence, energy, and communication networks.
NATO officials have previously stated that a significant cyberattack could trigger the Alliance’s collective defence clause under Article 5, though thresholds for such action remain deliberately ambiguous.
The NCSC and its international counterparts have encouraged organisations involved in Ukraine-related aid and logistics to strengthen their cyber resilience, review access controls, and monitor network activity for indicators of compromise linked to known GRU tactics, techniques, and procedures.
As Ukraine continues to rely heavily on external military support, the security of supply chains—both physical and digital—remains a key element of Kyiv’s defensive capacity. With no signs of a resolution to the conflict in sight, cyber warfare is expected to remain a prominent tool in Russia’s broader confrontation with NATO and its partners.
Read also:
Belgium Holds First Trial of Russian Nationals for Cybercrime
