May 22, 2025: The UK government has publicly identified a sustained Russian cyber campaign targeting pro-Ukraine civil society, political figures, journalists, and NGOs across Europe. The operation, attributed to APT29, also known as Cozy Bear, is believed to be directed by Russia’s Foreign Intelligence Service (SVR).

Targets and Tactics
According to the UK’s National Cyber Security Centre (NCSC) and the Foreign, Commonwealth & Development Office, the campaign focused on compromising email accounts, communication platforms, and cloud-based document systems linked to individuals and organizations supporting Ukraine’s resistance.

The group employed spear-phishing and credential-harvesting tactics, often impersonating trusted contacts to infiltrate internal networks. Victims include members of European parliaments, think tanks, humanitarian aid organizations, and academic researchers involved in Ukraine policy.

Security agencies in Germany, Poland, and the Baltic states have corroborated similar patterns of intrusion attempts dating back to early 2023.

Attribution and Diplomatic Response
The UK summoned Russia’s ambassador to formally protest the activities, labeling the campaign a “blatant attempt to undermine democratic resilience” and “manipulate public perception in favor of Kremlin narratives.”

Foreign Secretary David Lammy called for stronger multilateral cyber deterrence mechanisms and said the UK will push for broader coordination within NATO’s Cooperative Cyber Defence Centre of Excellence.

Policy and Defensive Measures
The NCSC has issued updated technical guidance to critical NGOs and government contractors, urging them to implement zero-trust architectures, multi-factor authentication, and threat intelligence sharing agreements.

Officials did not confirm whether offensive cyber countermeasures have been employed, though a classified briefing to Parliament reportedly included options for covert response under the UK’s Integrated Review on National Resilience.

This exposure follows a pattern of increasing use of state-sponsored cyber operations to influence battlefield psychology and erode solidarity in Western alliances supporting Ukraine.