| This Joint Cybersecurity Advisory highlights a Russian state-sponsored cyber campaign targeting Western logistics entities and technology companies. This campaign includes those involved in the coordination, transport, and delivery of foreign assistance to Ukraine. |
| Since 2022, Western logistics entities and technology companies have faced an elevated risk of targeting by the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (85th GTsSS), military unit 26165—tracked in the cybersecurity community under several names. The threat actors’ cyber espionage-oriented campaign, targeting logistics entities and technology companies, uses a mix of previously disclosed tactics, techniques, and procedures (TTPs). The authoring agencies expect similar targeting and TTP use to continue. |
| Executives and network defenders at logistics entities and technology companies should recognize the elevated threat of unit 26165 targeting, increase monitoring and threat hunting for known TTPs and indicators of compromise (IOCs), and posture network defenses with a presumption of targeting. |
| This joint advisory provides target description, initial access TTPs, IOCs, mitigation techniques, and is being provided to assist agencies and organizations in guarding against the persistent malicious actions of cybercriminals. |