Russian GRU Targeting Western Logistics Entities and Technology Companies
ID: 38dc7c11-059b-5929-af69-a6cc7bfab1d9
STIX ID: report--38dc7c11-059b-5929-af69-a6cc7bfab1d9
Feed Name: CISA Cybersecurity Advisories
**Executive Summary:** This joint advisory attributes a persistent Russian GRU (unit 26165 / APT28) campaign against Western logistics and technology firms—particularly those supporting aid to Ukraine—detailing spearphishing and credential-guessing initial access, exploitation of multiple CVEs (including CVE-2023-23397 and CVE-2023-38831), deployment of malware (e.g., HEADLACE, MASEPIE, STEELHOOK), mailbox-permission abuse for sustained email collection, lateral movement and AD targeting, large-scale targeting of IP cameras for tracking shipments, and extensive IOCs and mitigation recommendations for defenders.
