CVE-2023-23397

Executive Summary This joint cybersecurity advisory (CSA) highlights a Russian state-sponsored cyber campaign targeting Western logistics entities and technology companies. This includes those involved in the coordination, transport, and delivery of foreign assistance to Ukraine. Since 2022, Western logistics entities and IT companies have faced an elevated risk of targeting by the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (85th GTsSS), military unit 26165—tracked in the cybersecurity community under several names (see “Cybersecurity Industry Tracking”). The actors’ cyber espionage-oriented campaign, targeting technology companies and logistics entities, uses a mix of previously disclosed tactics, techniques, and procedures (TTPs). The authoring agencies expect similar targeting and TTP use to continue. Executives and network defenders at logistics entities and technology companies should recognize the elevated threat of unit 26165 targeting, increase monitoring and threat hunting for known TTPs and indicators of compromise (IOCs), and posture network defenses with a presumption of targeting. This cyber espionage-oriented campaign targeting logistics entities and technology companies uses a mix of previously disclosed TTPs and is likely connected to these actors’ wide scale targeting of IP cameras in Ukraine and bordering NATO nations. The following authors and co-sealers are releasing this CSA: United States National Security Agency (NSA) United States Federal Bureau of Investigation (FBI) United Kingdom National Cyber Security Centre (NCSC-UK) Germany Federal Intelligence Service (BND) Bundesnachrichtendienst Germany Federal Office for Information Security (BSI) Bundesamt für Sicherheit in der Informationstechnik Germany Federal Office for the Protection of the Constitution (BfV) Bundesamt für Verfassungsschutz Czech Republic Military Intelligence (VZ)  Vojenské zpravodajství Czech Republic...