Russian hackers involved in the campaign have gone after government organizations and private companies in the defense, transport, maritime, air traffic management and IT sectors, they said.
Organizations from those industries based in Bulgaria, the Czech Republic, France, Germany, Greece, Italy, Moldova, the Netherlands, Poland, Romania, Slovakia, Ukraine and the U.S. were targeted, according to Wednesday’s statement.
The Western countries explicitly linked the cyber campaign to Russia’s war in Ukraine, saying the attacks ramped up after February 2022.
As Russian forces “failed to meet their military objectives and Western countries provided aid to support Ukraine’s territorial defense, Unit 26165 expanded its targeting of logistics entities and technology companies involved in the delivery of aid,” they said.
Multiple Russian hacking groups increased their activity at that time, but Unit 26165 focused on espionage — including targeting internet-connected cameras at Ukrainian border crossings and at least one organization involved in railway industrial control systems — the Western countries said Wednesday.
Unit 26165 was previously sanctioned by the EU for hacking the German Bundestag in 2015. It has also been tied to hacks of the U.S. Democratic National Committee in 2016 and of email accounts belonging to then-Chancellor Olaf Scholz’s Social Democratic Party in 2022 and 2023.
More recently, France accused it of orchestrating cyberattacks on President Emmanuel Macron’s 2017 election campaign.