NSA: Russian hackers known as Sandworm targeting US, European supply chain for Ukraine using malware and ransomware

The National Security Agency (NSA) has said that Russian hackers are using ransomware to attack supply chains that are critical for supporting Ukraine. Numerous logistical supply chains are in use inside Ukraine, in neighboring European countries, and also originating from the United States. These include humanitarian aid, weapons, and other equipment in support of Ukraine against Russia.

According to NSA’s director of cybersecurity Rob Joyce, Russian hackers may increasingly target the US supply chain logistics as the war continues. The NSA is seeing “a significant amount of intelligence gathering into the Western countries, to include the US, in that logistics supply chain,” Joyce said during a briefing at the RSA Security Conference 2023 in San Francisco last week.

The hacking unit within Russia’s GRU military intelligence agency known as ‘Sandworm’ has carried out some of the worst cyberattacks in history. Ransomware, blackout attacks on critical infrastructure, and reconnaissance are just some of the tactics used by the unit over the years.

ESET Research documenting cyberattacks against Ukraine attributed to Sandworm, a Russian GRU hacking unit. (Source: Twitter)

Supply chain logistics are critical to the survival and operations of Ukraine. Military and humanitarian aid are largely provided by the US, exceeding $30 billion already. Lethal aid is also provided by the European Union.

Any disruption to these supply chain logistics and support could prove detrimental to the civilians of Ukraine and the military efforts of the Ukrainian military.

“I think they’re trying to figure out what is the way to disrupt the logistics internal to Ukraine, but especially all of the surge that the West has been able to bring forth, both lethal and the humanitarian goods flowing in,” Joyce said.