Russian cyberattacks threaten Poland's aid routes to Ukraine

According to "The Guardian," Russian intelligence has hacked into approximately 400 cameras in Poland to disrupt the transport of humanitarian aid to Ukraine. The attacks are directed at internet-connected cameras situated at border crossings and near military installations. It is probable that both municipal and private cameras have been compromised.

The British National Cyber Security Centre (NCSC) reported that the Russian unit GRU 26165 (Glavnoye Razvedyvatel'noye Upravleniye) has taken control of 10,000 cameras in various countries since 2022.

The actions of Russian intelligence may significantly weaken the effectiveness of humanitarian missions. Access to footage from cameras near borders, logistics warehouses, or transport routes allows them to track aid convoys. This poses risks of disruption, delay, or even deliberate targeting. Such operations effectively expand the field of warfare to the rear of military activities, striking at structures providing support to the civilian population. Simultaneously, this impacts the security of critical infrastructure in states involved in helping Ukraine, indicating that humanitarian efforts may also become targets of information and cyber warfare.

Russian intelligence activities have not only involved controlling strategic cameras. In addition to accessing camera footage, Russian services conducted an extensive phishing campaign. Hackers distributed emails with pornographic content or impersonated IT department employees, attempting to obtain access credentials to internal systems. The goal was to gather information about train schedules and shipping documents, potentially facilitating the disruption of equipment or humanitarian aid transport. The scale and nature of the campaign illustrate that Russia's cyber activities aim not only to gather information but also to disrupt the logistical support for Ukraine.

According to the report, Russian activities against Poland will persist, targeting Polish companies engaged in rail, maritime, and air transport, as well as the defense and IT sectors.

Russians also have in their toolbox actions like spearphishing, one of the most sophisticated forms of cyberattacks. This involves a precisely targeted phishing scheme. Unlike traditional phishing, which is sent out en masse, spearphishing requires prior reconnaissance of the victim. Cybercriminals gather information about a specific person, institution, or organization to craft a credible message impersonating, for instance, a colleague, superior, or trusted business partner. The aim is to deceive the victim into clicking on a malicious link, downloading a malware-laden file, or providing access credentials. Such attacks are harder to detect and significantly more effective due to their personalization.

According to a report published by the British National Cyber Security Centre (NCSC), Russian cyber operations are not limited to isolated incidents but form part of a wide-ranging campaign aimed at strategic sectors of NATO countries. The targets include defense infrastructure, IT service providers, maritime transport, and key logistics hubs like airports, ports, and air traffic management systems. The scale and scope of these activities indicate an effort to disrupt the security and functioning of critical infrastructure in Allied countries.

A warning about Russian attacks was issued by the United Kingdom together with Poland, the USA, Germany, the Czech Republic, Australia, Canada, Denmark, Estonia, France, and the Netherlands. The NCSC announced enhanced network monitoring and updates to online security in the near future.