{"id":1647,"date":"2025-05-22T09:19:51","date_gmt":"2025-05-22T09:19:51","guid":{"rendered":"https:\/\/www.tsfactory.com\/forums\/?p=1647"},"modified":"2025-05-22T09:19:51","modified_gmt":"2025-05-22T09:19:51","slug":"russian-hackers-exploit-email-and-vpn-vulnerabilities-to-spy-on-ukraine-aid-logistics","status":"publish","type":"post","link":"https:\/\/www.tsfactory.com\/forums\/blog\/russian-hackers-exploit-email-and-vpn-vulnerabilities-to-spy-on-ukraine-aid-logistics\/","title":{"rendered":"Russian Hackers Exploit Email and VPN Vulnerabilities to Spy on Ukraine Aid Logistics"},"content":{"rendered":"

Russian cyber threat actors have been\u00a0attributed<\/a>\u00a0to a state-sponsored campaign targeting Western logistics entities and technology companies since 2022.<\/p>\n

The activity has been assessed to be orchestrated by APT28 (aka BlueDelta, Fancy Bear, or Forest Blizzard), which is linked to the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center, Military Unit 26165.<\/p>\n

Targets of the campaign include companies involved in the coordination, transport, and delivery of foreign assistance to Ukraine, according to a joint advisory released by agencies from Australia, Canada, Czechia, Denmark, Estonia, France, Germany, the Netherlands, Poland, the United Kingdom, and the United States.<\/p>\n

“This cyber espionage-oriented campaign targeting logistics entities and technology companies uses a mix of previously disclosed TTPs and is likely connected to these actors’ wide scale targeting of IP cameras in Ukraine and bordering NATO nations,” the bulletin\u00a0said<\/a>.<\/p>\n

The alert comes weeks after France’s foreign ministry\u00a0accused<\/a>\u00a0APT28 of mounting cyber attacks on a dozen entities including ministries, defense firms, research entities, and think tanks since 2021 in an attempt to destabilize the nation.<\/p>\n

Then last week, ESET took the wraps off a campaign dubbed\u00a0Operation RoundPress<\/a>\u00a0that it said has been ongoing since 2023 by exploiting cross-site scripting (XSS) vulnerabilities in various webmail services like Roundcube, Horde, MDaemon, and Zimbra to single out governmental entities and defense companies in Eastern Europe, as well as governments in Africa, Europe, and South America.<\/p>\n

Read the Full Story Here<\/a><\/p>\n

Source: The Hacker News<\/p>\n","protected":false},"excerpt":{"rendered":"

Russian cyber threat actors have been\u00a0attributed\u00a0to a state-sponsored campaign targeting Western logistics entities and technology companies since 2022. The activity has been assessed to be orchestrated by APT28 (aka BlueDelta, Fancy Bear, or Forest Blizzard), which is linked to the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center, Military Unit 26165. […]<\/p>\n","protected":false},"author":2,"featured_media":1266,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"class_list":["post-1647","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news"],"yoast_head":"\nRussian Hackers Exploit Email and VPN Vulnerabilities to Spy on Ukraine Aid Logistics - Community<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.tsfactory.com\/forums\/blog\/russian-hackers-exploit-email-and-vpn-vulnerabilities-to-spy-on-ukraine-aid-logistics\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Russian Hackers Exploit Email and VPN Vulnerabilities to Spy on Ukraine Aid Logistics - Community\" \/>\n<meta property=\"og:description\" content=\"Russian cyber threat actors have been\u00a0attributed\u00a0to a state-sponsored campaign targeting Western logistics entities and technology companies since 2022. The activity has been assessed to be orchestrated by APT28 (aka BlueDelta, Fancy Bear, or Forest Blizzard), which is linked to the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center, Military Unit 26165. […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.tsfactory.com\/forums\/blog\/russian-hackers-exploit-email-and-vpn-vulnerabilities-to-spy-on-ukraine-aid-logistics\/\" \/>\n<meta property=\"og:site_name\" content=\"Community\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/TSFactoryLLC\/\" \/>\n<meta property=\"article:published_time\" content=\"2025-05-22T09:19:51+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2024\/05\/ukraineflag.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1280\" \/>\n\t<meta property=\"og:image:height\" content=\"1920\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Chelsie Wyatt\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@TSFactoryLLC\" \/>\n<meta name=\"twitter:site\" content=\"@TSFactoryLLC\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Chelsie Wyatt\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.tsfactory.com\/forums\/blog\/russian-hackers-exploit-email-and-vpn-vulnerabilities-to-spy-on-ukraine-aid-logistics\/\",\"url\":\"https:\/\/www.tsfactory.com\/forums\/blog\/russian-hackers-exploit-email-and-vpn-vulnerabilities-to-spy-on-ukraine-aid-logistics\/\",\"name\":\"Russian Hackers Exploit Email and VPN Vulnerabilities to Spy on Ukraine Aid Logistics - Community\",\"isPartOf\":{\"@id\":\"https:\/\/www.tsfactory.com\/forums\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.tsfactory.com\/forums\/blog\/russian-hackers-exploit-email-and-vpn-vulnerabilities-to-spy-on-ukraine-aid-logistics\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.tsfactory.com\/forums\/blog\/russian-hackers-exploit-email-and-vpn-vulnerabilities-to-spy-on-ukraine-aid-logistics\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2024\/05\/ukraineflag.jpg\",\"datePublished\":\"2025-05-22T09:19:51+00:00\",\"author\":{\"@id\":\"https:\/\/www.tsfactory.com\/forums\/#\/schema\/person\/9d9908f0e12559297335ebe9b601c82f\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.tsfactory.com\/forums\/blog\/russian-hackers-exploit-email-and-vpn-vulnerabilities-to-spy-on-ukraine-aid-logistics\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.tsfactory.com\/forums\/blog\/russian-hackers-exploit-email-and-vpn-vulnerabilities-to-spy-on-ukraine-aid-logistics\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.tsfactory.com\/forums\/blog\/russian-hackers-exploit-email-and-vpn-vulnerabilities-to-spy-on-ukraine-aid-logistics\/#primaryimage\",\"url\":\"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2024\/05\/ukraineflag.jpg\",\"contentUrl\":\"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2024\/05\/ukraineflag.jpg\",\"width\":1280,\"height\":1920},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.tsfactory.com\/forums\/blog\/russian-hackers-exploit-email-and-vpn-vulnerabilities-to-spy-on-ukraine-aid-logistics\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.tsfactory.com\/forums\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Russian Hackers Exploit Email and VPN Vulnerabilities to Spy on Ukraine Aid Logistics\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.tsfactory.com\/forums\/#website\",\"url\":\"https:\/\/www.tsfactory.com\/forums\/\",\"name\":\"Community\",\"description\":\"TSFactory\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.tsfactory.com\/forums\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.tsfactory.com\/forums\/#\/schema\/person\/9d9908f0e12559297335ebe9b601c82f\",\"name\":\"Chelsie Wyatt\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.tsfactory.com\/forums\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/09ff3801fb7566acf715fe4e81a9bd942b923c236138a3ed8a8375f099e5d6d6?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/09ff3801fb7566acf715fe4e81a9bd942b923c236138a3ed8a8375f099e5d6d6?s=96&d=mm&r=g\",\"caption\":\"Chelsie Wyatt\"},\"url\":\"https:\/\/www.tsfactory.com\/forums\/blog\/author\/chelsie\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Russian Hackers Exploit Email and VPN Vulnerabilities to Spy on Ukraine Aid Logistics - Community","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.tsfactory.com\/forums\/blog\/russian-hackers-exploit-email-and-vpn-vulnerabilities-to-spy-on-ukraine-aid-logistics\/","og_locale":"en_US","og_type":"article","og_title":"Russian Hackers Exploit Email and VPN Vulnerabilities to Spy on Ukraine Aid Logistics - Community","og_description":"Russian cyber threat actors have been\u00a0attributed\u00a0to a state-sponsored campaign targeting Western logistics entities and technology companies since 2022. The activity has been assessed to be orchestrated by APT28 (aka BlueDelta, Fancy Bear, or Forest Blizzard), which is linked to the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center, Military Unit 26165. […]","og_url":"https:\/\/www.tsfactory.com\/forums\/blog\/russian-hackers-exploit-email-and-vpn-vulnerabilities-to-spy-on-ukraine-aid-logistics\/","og_site_name":"Community","article_publisher":"https:\/\/www.facebook.com\/TSFactoryLLC\/","article_published_time":"2025-05-22T09:19:51+00:00","og_image":[{"width":1280,"height":1920,"url":"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2024\/05\/ukraineflag.jpg","type":"image\/jpeg"}],"author":"Chelsie Wyatt","twitter_card":"summary_large_image","twitter_creator":"@TSFactoryLLC","twitter_site":"@TSFactoryLLC","twitter_misc":{"Written by":"Chelsie Wyatt","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.tsfactory.com\/forums\/blog\/russian-hackers-exploit-email-and-vpn-vulnerabilities-to-spy-on-ukraine-aid-logistics\/","url":"https:\/\/www.tsfactory.com\/forums\/blog\/russian-hackers-exploit-email-and-vpn-vulnerabilities-to-spy-on-ukraine-aid-logistics\/","name":"Russian Hackers Exploit Email and VPN Vulnerabilities to Spy on Ukraine Aid Logistics - Community","isPartOf":{"@id":"https:\/\/www.tsfactory.com\/forums\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.tsfactory.com\/forums\/blog\/russian-hackers-exploit-email-and-vpn-vulnerabilities-to-spy-on-ukraine-aid-logistics\/#primaryimage"},"image":{"@id":"https:\/\/www.tsfactory.com\/forums\/blog\/russian-hackers-exploit-email-and-vpn-vulnerabilities-to-spy-on-ukraine-aid-logistics\/#primaryimage"},"thumbnailUrl":"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2024\/05\/ukraineflag.jpg","datePublished":"2025-05-22T09:19:51+00:00","author":{"@id":"https:\/\/www.tsfactory.com\/forums\/#\/schema\/person\/9d9908f0e12559297335ebe9b601c82f"},"breadcrumb":{"@id":"https:\/\/www.tsfactory.com\/forums\/blog\/russian-hackers-exploit-email-and-vpn-vulnerabilities-to-spy-on-ukraine-aid-logistics\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.tsfactory.com\/forums\/blog\/russian-hackers-exploit-email-and-vpn-vulnerabilities-to-spy-on-ukraine-aid-logistics\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.tsfactory.com\/forums\/blog\/russian-hackers-exploit-email-and-vpn-vulnerabilities-to-spy-on-ukraine-aid-logistics\/#primaryimage","url":"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2024\/05\/ukraineflag.jpg","contentUrl":"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2024\/05\/ukraineflag.jpg","width":1280,"height":1920},{"@type":"BreadcrumbList","@id":"https:\/\/www.tsfactory.com\/forums\/blog\/russian-hackers-exploit-email-and-vpn-vulnerabilities-to-spy-on-ukraine-aid-logistics\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.tsfactory.com\/forums\/"},{"@type":"ListItem","position":2,"name":"Russian Hackers Exploit Email and VPN Vulnerabilities to Spy on Ukraine Aid Logistics"}]},{"@type":"WebSite","@id":"https:\/\/www.tsfactory.com\/forums\/#website","url":"https:\/\/www.tsfactory.com\/forums\/","name":"Community","description":"TSFactory","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.tsfactory.com\/forums\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.tsfactory.com\/forums\/#\/schema\/person\/9d9908f0e12559297335ebe9b601c82f","name":"Chelsie Wyatt","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.tsfactory.com\/forums\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/09ff3801fb7566acf715fe4e81a9bd942b923c236138a3ed8a8375f099e5d6d6?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/09ff3801fb7566acf715fe4e81a9bd942b923c236138a3ed8a8375f099e5d6d6?s=96&d=mm&r=g","caption":"Chelsie Wyatt"},"url":"https:\/\/www.tsfactory.com\/forums\/blog\/author\/chelsie\/"}]}},"_links":{"self":[{"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/posts\/1647","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/comments?post=1647"}],"version-history":[{"count":1,"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/posts\/1647\/revisions"}],"predecessor-version":[{"id":1648,"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/posts\/1647\/revisions\/1648"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/media\/1266"}],"wp:attachment":[{"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/media?parent=1647"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/categories?post=1647"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/tags?post=1647"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}