GRU Cyber Activity Hits Tech and Supply Chains
Cyber Advisory, Industry News 23.05.25
The Australian Cyber Security Centre (ACSC), in partnership with international counterparts, has issued a warning about ongoing cyber operations by Russian state-sponsored actors targeting logistics and technology sectors across Western countries.
This advisory, released in collaboration with cybersecurity agencies in the United States and United Kingdom, confirms that Russian military intelligence, specifically the GRU's 85th Main Special Service Centre (85th GTsSS, tracked publicly as APT28), is conducting a sustained campaign that exploits edge devices to gain long-term access to enterprise networks.
For Australian organisations involved in logistics, technology, or adjacent industries, the message is clear: review, harden, and monitor your cyber infrastructure now.
Who Is Involved?
The actors behind these campaigns belong to the GRU's 85th Main Special Service Centre (85th GTsSS), also known publicly as:
- APT28
- Fancy Bear
- Forest Blizzard (Microsoft’s designation)
They are experienced, resourced, and patient. Their focus is on persistent access, often through legitimate credentials or unpatched vulnerabilities, particularly in edge infrastructure.
What Techniques Are Being Used?
The advisory outlines several key tactics, techniques, and procedures (TTPs) currently in use:
1. Exploiting Edge Infrastructure
GRU actors are leveraging vulnerabilities in:
- Routers
- VPN appliances
- Firewalls
- Other boundary devices
These systems often remain unpatched or misconfigured and, once compromised, serve as gateways into the broader network.
2. Credential Compromise and Misuse
The actors favour password spraying, credential reuse, and exploiting weak authentication practices to access enterprise environments.
3. Living-Off-the-Land Techniques
Once inside, they blend in with routine administration by using built-in tools such as WMI and PowerShell to move laterally and maintain persistence, so the activity rarely stands out to signature-based controls.
4. Lateral Movement and Data Collection
With access secured, the goal shifts to collecting credentials, maintaining footholds, and harvesting sensitive internal data over extended periods.
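The password-spraying technique in item 2 has a distinctive shape in authentication logs: one source fails against many accounts with only a couple of guesses each, deliberately staying under lockout thresholds, whereas a brute force hammers one account. The following is an added example, not part of the advisory or of Ctrl's tooling, that separates the two patterns over a constructed set of Windows Security 4625 (failed logon) style records; the event fields, IP addresses, account names and thresholds are all assumptions chosen for illustration.

```python
"""Password-spray vs. brute-force detection over failed-logon events.

Added example; the events are constructed to look like Windows Security
event 4625 (failed logon) records reduced to the fields the logic needs.
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta


def constructed_events():
    """Build a small, constructed 4625-style dataset: (timestamp, target account, source IP)."""
    base = datetime(2025, 5, 20, 2, 0, 0)
    events = []
    # Spray: one external source tries 12 different accounts, two guesses each,
    # spread over about six minutes so it stays under typical lockout thresholds.
    for i in range(12):
        for k in range(2):
            events.append((base + timedelta(seconds=15 * (2 * i + k)), f"user{i:02d}", "203.0.113.7"))
    # Brute force: a second source hammers a single service account.
    for k in range(25):
        events.append((base + timedelta(seconds=10 * k), "svc-backup", "198.51.100.9"))
    # Benign noise: three staff mistype their password once from an internal host.
    for i, user in enumerate(["alice", "bob", "carol"]):
        events.append((base + timedelta(minutes=i), user, "10.0.5.21"))
    return sorted(events)


def _windows(evs, window):
    """Yield (lo, hi) index pairs so that evs[lo:hi+1] all fall within `window` of evs[hi]."""
    lo = 0
    for hi in range(len(evs)):
        while evs[hi][0] - evs[lo][0] > window:
            lo += 1
        yield lo, hi


def detect_password_spray(events, window=timedelta(minutes=10), min_users=8, max_per_user=3):
    """Sources that fail against many distinct accounts with only a few guesses per account.

    The 'few guesses per account' condition is what separates a spray from a
    brute force: sprayers deliberately stay under lockout thresholds.
    """
    by_src = defaultdict(list)
    for ts, user, src in events:
        by_src[src].append((ts, user))
    alerts = []
    for src, evs in by_src.items():
        evs.sort()
        best = None
        for lo, hi in _windows(evs, window):
            per_user = Counter(u for _, u in evs[lo:hi + 1])
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                cand = {"source": src, "distinct_users": len(per_user),
                        "attempts": hi - lo + 1, "first": evs[lo][0], "last": evs[hi][0]}
                # Keep the widest window: most accounts, then most attempts.
                if best is None or (cand["distinct_users"], cand["attempts"]) > (
                        best["distinct_users"], best["attempts"]):
                    best = cand
        if best:
            alerts.append(best)
    return alerts


def detect_brute_force(events, window=timedelta(minutes=10), min_attempts=20):
    """(source, account) pairs with many failures against one account inside the window."""
    by_pair = defaultdict(list)
    for ts, user, src in events:
        by_pair[(src, user)].append((ts,))
    alerts = []
    for (src, user), evs in by_pair.items():
        evs.sort()
        peak = max(hi - lo + 1 for lo, hi in _windows(evs, window))
        if peak >= min_attempts:
            alerts.append({"source": src, "user": user, "attempts": peak})
    return alerts


if __name__ == "__main__":
    evs = constructed_events()
    for a in detect_password_spray(evs):
        print(f"SPRAY  {a['source']}: {a['distinct_users']} accounts, {a['attempts']} attempts "
              f"between {a['first']:%H:%M:%S} and {a['last']:%H:%M:%S}")
    for a in detect_brute_force(evs):
        print(f"BRUTE  {a['source']} -> {a['user']}: {a['attempts']} attempts")
```

Run against real telemetry, the source key should be whatever your identity provider exposes (client IP, or ASN when the actor rotates addresses), and the thresholds need tuning against a baseline of normal failed-logon volume; the brute-force branch is kept alongside so that a noisy single-account lockout storm is not misreported as a spray.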
Why Australian Businesses Should Pay Attention
While the advisory focuses on broad international targeting, Australian businesses are far from immune. The logistics and technology sectors are deeply integrated into global supply chains and critical infrastructure, making them attractive targets for espionage and disruption.
The implications of compromise are not limited to data loss. Disruption in logistics networks or technology platforms can affect:
- Customer trust and commercial continuity
- Supply chain dependencies
- National resilience
These attacks are not opportunistic; they are deliberate, strategic, and aimed at long-term access.
What Should Organisations Do?
In light of this advisory, the ACSC and its partners recommend a series of urgent actions. Ctrl has summarised these into six practical steps:
1. Audit and Map Exposed Systems
Start by identifying your internet-facing infrastructure such as:
- Firewalls, VPNs, routers, and remote access tools
- Cloud-based assets or externally accessible APIs
- Any third-party-managed systems
Recommended action: Use attack surface scanning tools and ensure all systems are documented and reviewed regularly.
2. Harden Authentication and Access Controls
Credential misuse remains one of the most common entry points.
- Enforce multi-factor authentication (MFA) universally
- Eliminate default or legacy accounts
- Apply least-privilege access across administrative roles
Recommended action: Review and rotate service account credentials, especially on networked infrastructure and critical systems.
3. Patch Known Vulnerabilities Immediately
The GRU is known to exploit well-documented vulnerabilities, often with public proof-of-concept code.
- Prioritise CVEs affecting edge devices and remote access systems
- Apply vendor updates and firmware patches
- Confirm patch deployment through follow-up scans
Recommended action: Do not rely on monthly patch cycles alone. Introduce out-of-band triage for high-risk patches, driven by external threat advisories such as this one.
4. Monitor for Unusual Lateral Movement
Detecting these actors requires more than perimeter protection.
- Implement endpoint detection and response (EDR)
- Look for unusual logins, internal traffic spikes, or unsanctioned admin tool usage
- Centralise logging for visibility and audit
Recommended action: Correlate logs across identity, endpoint, and network layers to identify anomalies early.
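Correlating the identity layer with the endpoint layer is what turns a weak signal into a confident one: an account fanning out to many hosts over network logons is suspicious on its own, and a shell spawned by the WMI provider host (the footprint of remote Win32_Process.Create, as used by the living-off-the-land tradecraft described earlier) is suspicious on its own, but the two landing on the same host for the same account within minutes is lateral movement. This added example, not from the advisory or from Ctrl, runs that correlation over constructed records shaped like Windows Security 4624 (network logon) and 4688 (process creation) events; host names, accounts, timings and the allowlist for the backup service account are assumptions.

```python
"""Correlating identity and endpoint telemetry to expose WMI/PsExec-style lateral movement.

Added example with constructed events that mimic Windows Security 4624
(network logon) and 4688 (process creation) records; not real telemetry.
"""
from collections import defaultdict
from datetime import datetime, timedelta

T0 = datetime(2025, 5, 21, 1, 30, 0)

# Constructed 4624 logon-type-3 records: (timestamp, account, source host, target host)
LOGONS = [
    (T0, "j.doe", "WS-0421", "FS-01"),
    (T0 + timedelta(minutes=1), "j.doe", "WS-0421", "FS-02"),
    (T0 + timedelta(minutes=2), "j.doe", "WS-0421", "APP-03"),
    (T0 + timedelta(minutes=3), "j.doe", "WS-0421", "HR-07"),
    (T0 + timedelta(minutes=4), "j.doe", "WS-0421", "DC-01"),
    (T0 + timedelta(minutes=5), "m.lee", "WS-0102", "FS-01"),
    (T0 + timedelta(minutes=9), "m.lee", "WS-0102", "FS-02"),
    # The backup service account legitimately touches every file server each night.
    *[(T0 + timedelta(minutes=i), "svc-backup", "BK-01", f"FS-{i:02d}") for i in range(1, 9)],
]

# Constructed 4688 records: (timestamp, host, account, parent image, new process image)
PROCESSES = [
    (T0 + timedelta(minutes=1, seconds=20), "FS-02", "j.doe", "WmiPrvSE.exe", "powershell.exe"),
    (T0 + timedelta(minutes=6), "FS-01", "m.lee", "explorer.exe", "outlook.exe"),
    (T0 + timedelta(minutes=7), "FS-03", "svc-backup", "services.exe", "backupagent.exe"),
]

# A shell spawned by the WMI provider host is the classic footprint of remote
# Win32_Process.Create; PSEXESVC.exe is the service PsExec installs on the target.
REMOTE_EXEC_PARENTS = {"wmiprvse.exe", "psexesvc.exe"}


def account_fanout(logons, window=timedelta(minutes=10), min_hosts=4, allowlist=frozenset()):
    """Accounts that open network logons to many distinct hosts inside one sliding window."""
    by_account = defaultdict(list)
    for ts, account, _src, target in logons:
        if account not in allowlist:
            by_account[account].append((ts, target))
    alerts = []
    for account, evs in by_account.items():
        evs.sort()
        lo, best = 0, set()
        for hi in range(len(evs)):
            while evs[hi][0] - evs[lo][0] > window:
                lo += 1
            hosts = {target for _, target in evs[lo:hi + 1]}
            if len(hosts) > len(best):
                best = hosts
        if len(best) >= min_hosts:
            alerts.append({"account": account, "hosts": sorted(best)})
    return alerts


def remote_exec_events(processes):
    """Process creations whose parent is a remote-execution host process."""
    return [p for p in processes if p[3].lower() in REMOTE_EXEC_PARENTS]


def correlate(logons, processes, window=timedelta(minutes=10), allowlist=frozenset()):
    """Raise severity when a remote-exec artefact lands on a host the same account
    just fanned out to: the identity layer and the endpoint layer agree."""
    fanned = {a["account"]: set(a["hosts"])
              for a in account_fanout(logons, window, allowlist=allowlist)}
    alerts = []
    for ts, host, account, parent, image in remote_exec_events(processes):
        recent_logon = any(acct == account and tgt == host and timedelta(0) <= ts - lts <= window
                           for lts, acct, _src, tgt in logons)
        severity = "high" if host in fanned.get(account, set()) and recent_logon else "medium"
        alerts.append({"ts": ts, "host": host, "account": account,
                       "chain": f"{parent} -> {image}", "severity": severity})
    return alerts


if __name__ == "__main__":
    for a in correlate(LOGONS, PROCESSES, allowlist={"svc-backup"}):
        print(f"{a['severity'].upper():6} {a['ts']:%H:%M:%S} {a['host']} {a['account']} {a['chain']}")
```

Without the allowlist the backup account also trips the fan-out rule, which is the tuning problem this correlation is meant to solve: fan-out alone is noisy in any environment with service accounts, so the high-severity path requires the endpoint artefact on the same host within the window, and the allowlist is reserved for accounts whose fan-out is expected and documented.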
5. Run a Threat Simulation or Tabletop Exercise
Don’t wait for an incident to test your response. Choose a scenario that mirrors the TTPs in this advisory, for example an exploited VPN appliance followed by password spraying and WMI-based lateral movement.
- Involve executive and technical stakeholders
- Identify communication gaps, detection blind spots, and escalation issues
Recommended action: Regular simulation builds preparedness and sharpens internal processes.
6. Review Network Segmentation and Privilege Use
Lateral movement thrives in flat, permissive environments.
- Segment networks by function or sensitivity
- Isolate admin tools from user devices
- Remove unnecessary access between systems
Recommended action: Map trust relationships and remove default allow-rules in firewalls and VLANs.
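A rule base review is where "remove default allow-rules" becomes concrete: the rule that lets anything reach the server segment on any port is exactly what gives a foothold on a user workstation a path to SMB, RDP and WMI on every server. The following is an added example, not from the advisory or from Ctrl's services, that evaluates a constructed first-match rule base, flags any-source and any-port allows, and maps which segment pairs can reach administrative ports both before and after the hole is closed; the segments, addresses, port list and rule names are assumptions, and reachability is probed with one representative host per segment rather than by full address-space analysis.

```python
"""Auditing a first-match firewall rule base for default-allow holes between segments.

Added example; the segments and rules are constructed for illustration and
the evaluation uses first-match semantics with an implicit final deny.
"""
import ipaddress

SEGMENTS = {
    "users": ipaddress.ip_network("10.10.0.0/16"),
    "servers": ipaddress.ip_network("10.20.0.0/16"),
    "mgmt": ipaddress.ip_network("10.99.0.0/24"),
}
# SSH, RPC/WMI, SMB, RDP, WinRM: the ports remote administration (and lateral movement) rides on.
ADMIN_PORTS = {22, 135, 445, 3389, 5985, 5986}

# Constructed rule base, evaluated top-down: (name, source, destination, ports or None for any, action)
RULES = [
    ("jump-to-mgmt", "10.20.0.5/32", "10.99.0.0/24", {22, 3389}, "allow"),
    ("users-to-web", "10.10.0.0/16", "10.20.0.0/16", {80, 443}, "allow"),
    ("legacy-any", "0.0.0.0/0", "10.20.0.0/16", None, "allow"),  # the default-allow hole
    ("default-deny", "0.0.0.0/0", "0.0.0.0/0", None, "deny"),
]

# The same rule base with the hole replaced by the one service users actually need.
CORRECTED_RULES = [
    ("jump-to-mgmt", "10.20.0.5/32", "10.99.0.0/24", {22, 3389}, "allow"),
    ("users-to-web", "10.10.0.0/16", "10.20.0.0/16", {80, 443}, "allow"),
    ("users-to-fileserver", "10.10.0.0/16", "10.20.0.10/32", {445}, "allow"),
    ("default-deny", "0.0.0.0/0", "0.0.0.0/0", None, "deny"),
]


def evaluate(rules, src_ip, dst_ip, port):
    """Return (action, rule name) for the first matching rule; implicit deny otherwise."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for name, rsrc, rdst, ports, action in rules:
        if (src in ipaddress.ip_network(rsrc) and dst in ipaddress.ip_network(rdst)
                and (ports is None or port in ports)):
            return action, name
    return "deny", "implicit"


def audit_rules(rules):
    """Static findings: allow rules that match any source or any service."""
    findings = []
    for name, rsrc, _rdst, ports, action in rules:
        if action != "allow":
            continue
        if ipaddress.ip_network(rsrc).prefixlen == 0:
            findings.append((name, "allow from any source"))
        if ports is None:
            findings.append((name, "allow on any port"))
    return findings


def admin_paths(rules, segments=SEGMENTS, ports=ADMIN_PORTS):
    """Segment pairs that can reach admin ports, probing one representative host per segment."""
    rep = {seg: str(next(net.hosts())) for seg, net in segments.items()}
    paths = []
    for s in segments:
        for d in segments:
            if s == d:
                continue
            for port in sorted(ports):
                action, name = evaluate(rules, rep[s], rep[d], port)
                if action == "allow":
                    paths.append((s, d, port, name))
    return paths


if __name__ == "__main__":
    for name, problem in audit_rules(RULES):
        print(f"FINDING {name}: {problem}")
    for s, d, port, name in admin_paths(RULES):
        print(f"PATH    {s} -> {d}:{port} via {name}")
    print(f"after fix: {len(admin_paths(CORRECTED_RULES))} admin paths between segments")
```

The representative-host probe is deliberately simple; a real review should run the same evaluation for every host that carries an explicit rule (the jump host here) and for the management and user VLAN interfaces themselves, and should treat an allow into the management segment from anywhere but a hardened jump host as a finding to justify, not just to record.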
This advisory confirms a clear focus on logistics and technology organisations by foreign threat actors. The tactics being used are familiar, proven, and effective. Staying informed and prepared is essential for business continuity.
Cybersecurity is no longer just a technical issue. It is a strategic priority, especially for those within national or commercial supply chains.
Ctrl supports Australian businesses in strengthening readiness and reducing risk. This includes mapping external exposure, uplifting access controls, managing vulnerabilities, and monitoring threats through the ROC+ platform. We also run threat simulations and review network architecture to reduce lateral movement.
Our services span detection, governance, compliance, and offensive testing. Every step forward is built on insight, precision, and confidence.