UK uncovers Russian Cyber Campaign aimed at Sabotaging Global Supply Chains
British authorities have publicly named and sanctioned members of Russia’s GRU for conducting a coordinated cyber campaign targeting logistics, transport, and tech organizations across the UK, US, and EU. The operation—led by the hacking group “Star Blizzard” (also known as APT29 or Cozy Bear)—was revealed in a joint statement by the UK Foreign Office and National Cyber Security Centre (NCSC).
According to the UK Foreign Office, the campaign began as early as 2022 and used spear-phishing emails and fake recruitment approaches to gain access to sensitive information, including email accounts. The attacks focused on sectors with strategic importance—particularly organizations involved in logistics and supply chains critical to Ukraine and broader transatlantic coordination.
Two Russian nationals, affiliated with the GRU, have been sanctioned for their roles in the operation. Foreign Secretary David Cameron condemned the campaign and summoned Russia’s ambassador to account for the activities. The individuals being designated in the UK and US are:
- Ruslan Aleksandrovich Peretyatko, who is a Russian FSB intelligence officer and a member of Star Blizzard
- Andrey Stanislavovich Korinets, aka Alexey Doguzhiev, a member of Star Blizzard
“We will not tolerate cyber aggression,” Cameron said, adding that the UK would continue to expose and respond to Russian intelligence operations targeting democratic states and vital industries.
While British officials did not name specific companies targeted, they confirmed that both government and private sector organizations were affected. The campaign also extended to individual political figures, journalists, and NGOs, reflecting Moscow’s longstanding goal of gathering intelligence on critics and potential disruptors of its foreign policy agenda.
The group behind the operation, Star Blizzard, has previously been linked to numerous state-backed cyber intrusions, including past attempts to hack email accounts belonging to US and UK officials, NATO staff, and international research institutions:
- Spear-phishing of UK parliamentarians from multiple parties since 2015.
- Hack and leak of UK-US trade documents ahead of the 2019 General Election.
- Targeting of the Institute for Statecraft (2018) and its founder Christopher Donnelly (2021), with stolen materials later leaked.
- Attacks on universities, journalists, NGOs, and civil society organizations critical to UK democratic functions.
Security analysts note the group’s methodical approach—crafting messages that appear to come from trusted sources, often mimicking job offers or press inquiries to lure victims into opening compromised links.
British intelligence says the exposure of this campaign is part of a broader strategy to deter future attacks by publicly attributing responsibility.
The move is also intended to strengthen international cooperation in cybersecurity and intelligence sharing, especially among countries supporting Ukraine.
Russia’s use of cyber operations to supplement conventional warfare and apply pressure to Western logistics networks has increased steadily since the full-scale invasion of Ukraine in 2022.