20.07.2025.

Russia’s Cyber Warriors Assail NATO-Linked Private Companies

Russia’s military intelligence agency (GRU) is targeting Western logistics and technology companies, the US Department of Defense warned in May, along with its counterparts in Germany, France, the UK, Australia, Canada, Denmark, Poland, and Estonia. 

GRU’s Unit 26165, often known as Fancy Bear, has been carrying out a cyber espionage campaign to monitor Ukrainian and NATO defense and logistics activities; the unit even targeted internet-connected cameras in Ukraine and bordering NATO countries to watch the feeds.

The campaign is widespread and effective; the joint warning states: “The Unit 26165 cyber campaign against Western logistics providers and technology companies has targeted dozens of entities, including government organizations and private/commercial entities across virtually all transportation modes: air, sea, and rail.”

This is hardly the first time a Russian security agency such as the GRU has launched a widespread cyber campaign against Western companies. Yet it speaks to a problem far bigger than the logistics sector. Russia’s targeting of these private-sector firms sits within a broader patchwork of cyber threats to the West — threats which may grow unless the US and its allies maintain a united front and an understanding of Russian hostility. 

Western businesses can become the target of Russian cyber intrusion and degradation for both expected and unexpected reasons that link them, in Moscow’s mind, to the full-scale war on Ukraine. Material support to Ukraine — such as providing weapons, ammunition, or satellite imagery to Ukrainian military and security agencies — is a more obvious factor putting private-sector companies in the Russian crosshairs. 

Agencies like the GRU may hack such companies to spy on their operations or to install malware that can disrupt weapons delivery. They might even wish to manipulate satellite footage. The more Ukrainian forces innovate and draw on the likes of consumer drone parts and AI models, the wider Russia’s cyber target set may become.

But company actions many in the West would not perceive as “supporting Ukraine” can be viewed that way by the Kremlin. Social media platforms that let users post news articles about Russian war crimes are a prime example. Analysts in the West may rightfully see these corporate decisions as independently made and reflective of an open media environment. 

To a government, however, that has long seen organic social movements as foreign-directed — and has legally designated Meta, which owns Facebook, an extremist organization — these actions fit within a paradigm where Western nations wield their tech and other front companies like swords to undercut the Kremlin. Even though the recent advisory focused on logistics for Ukraine and NATO, Moscow’s imagination of the Ukraine-, NATO-, and Western-linked corporate web is much broader.

The US approach in the coming months to Russia, Ukraine, and talk of a ceasefire could further increase the Russian government’s risk tolerance in this area. Certainly, the Putin regime already sees itself at war with the West; American support for or admonition of Russia’s diplomatic positions are not going to change that hardened view. 

But if Russia perceives the United States has lost all interest in Ukraine and that it may abandon defense partnerships in Europe, for example, its interest in state agency-led disruption of European defense firms could grow. Mere signals that the US will not take a hard line on Russian subversive activity will de facto encourage the most aggressive among Russian security agencies.

Looking forward, Russia is highly likely to continue such operations. They can provide Russian agencies with useful intelligence on how Ukraine, NATO, and Europe are defending themselves and building out their security architectures. While Russia lacks a formal cyber strategy and a centralized cyber command, these measures also fit within a continuous, active measures-style approach to conflict and subversion that seeks to coerce any state, state-affiliated, or nonstate actors helping Russia’s enemies.

Companies beyond the defense sector, including in emerging technologies, should invest more in defenses and recovery from incidents due to these risks. Because whatever delusions some in the West may have about a cyber détente with Russia, the Kremlin is not going to stop its operations against the West. Companies are frontline targets and must adapt to that threat.

 

 

20.07.2025.
EU imposes new sanctions on Russia's oil and banks after Robert Fico lifts his veto 20.07.2025.
Russia’s Cyber Warriors Assail NATO-Linked Private Companies 20.07.2025.
Approved strategic projects within the 5th call of the Interreg Euro-MED Transnational Cooperation Programme 2021 – 2027 19.07.2025.
Putin’s Game of War-Making and Bargaining Comes to End 18.07.2025.
Matryoshka’s Moldovan manipulation 18.07.2025.
Sanctions hit harder than bombs: Russian courts reveal systemic failure in weapons supply 18.07.2025.
EIB Global steps up support for Montenegro’s economic development 18.07.2025.
Russian hybrid threats: EU lists nine individuals and six entities responsible for destabilising actions in the EU and Ukraine 18.07.2025.
Swiss say foreign spying threat high, citing Russia, China 17.07.2025.
Ukraine: A European Vision of Victory?