Russia Targeting Western Companies

Global Attacks

May 21, 2025

This Joint Cybersecurity Advisory highlights a Russian state-sponsored cyber campaign targeting Western logistics entities and technology companies. This campaign includes those involved in the coordination, transport, and delivery of foreign assistance to Ukraine.

Since 2022, Western logistics entities and technology companies have faced an elevated risk of targeting by the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (85th GTsSS), military unit 26165—tracked in the cybersecurity community under several names. The threat actors’ cyber espionage-oriented campaign, targeting logistics entities and technology companies, uses a mix of previously disclosed tactics, techniques, and procedures (TTPs). The authoring agencies expect similar targeting and TTP use to continue.

Executives and network defenders at logistics entities and technology companies should recognize the elevated threat of unit 26165 targeting, increase monitoring and threat hunting for known TTPs and indicators of compromise (IOCs), and posture network defenses with a presumption of targeting.

This joint advisory provides target description, initial access TTPs, IOCs, mitigation techniques, and is being provided to assist agencies and organizations in guarding against the persistent malicious actions of cybercriminals.

Reporting

The NJCCIC encourages recipients who discover signs of malicious cyber activity to contact the NJCCIC via the cyber incident report form at www.cyber.nj.gov/report.

Please do not hesitate to contact the NJCCIC at njccic@cyber.nj.gov with any questions. Also, for more background on our recent cybersecurity efforts, please visit cyber.nj.gov.

Russia Targeting Western Companies

Share This Article

Related Posts