Date: 2025-05-28

Imagine someone sneaking into your house, not through the front door, but through your email, your Wi-Fi or even your smart doorbell camera. That’s exactly the warning in a new cybersecurity report from U.S. and international intelligence agencies: Russian military hackers have been trying to break into the digital infrastructure of Western logistics and tech companies, particularly those helping Ukraine.

The attackers are part of Russia’s military intelligence agency, known as the Glavnoye Razvedyvatelnoye Upravlenie (GRU), and specifically a cyberunit called the 85th Main Special Service Center, also referred to as Unit 26165. In the cybersecurity world, this group is more infamously known as “Fancy Bear,” “APT28,” “Forest Blizzard” or “BlueDelta.” Those names reflect years of tracking by threat researchers across the globe who’ve linked the group to some of the highest-profile cyberespionage campaigns in recent memory.

What makes this group especially dangerous is its mission and method. Unlike common cybercriminals who are after credit card numbers or quick financial gain, GRU Unit 26165’s goal is state-level espionage: to infiltrate, observe and manipulate critical digital systems that power economies and militaries. Think ports, air traffic systems, IT companies that manage cargo routing software and even the infrastructure behind customs clearance. These aren’t just business targets; they’re strategic assets in times of war.

Why target logistics?

Since Russia’s invasion of Ukraine in 2022, this cyberunit has gone into overdrive. As Western countries began ramping up military and humanitarian aid to Ukraine, the GRU focused its efforts on the logistics and tech companies that support those flows. It didn’t just try to hack the governments sending the aid — it went after the entire digital infrastructure involved in getting it there.

That meant targeting trucking companies coordinating military cargo. It meant breaching email systems at port authorities and tracking aircraft manifests at airports. It meant going after companies that manage GPS routing, warehouse inventories and customs data.