Western intelligence agencies say that Russia may have attempted to take control of at least 1,000 surveillance cameras in Romania since 2022.
The Russian military intelligence agency (GRU) targeted thousands of surveillance cameras across Romania and other NATO countries bordering Ukraine in an effort to monitor the flow of military and humanitarian aid to Kyiv, according to a recent investigation involving the United States and several European countries, reports RFE.
This extensive cyber espionage campaign, attributed to the notorious GRU unit 26165, began after Russia launched its full-scale invasion of Ukraine in February 2022.
Also known as APT28 or Fancy Bear, GRU unit 26165 is a cyber group responsible for high-profile espionage campaigns against Western governments, defense, and logistics sectors.
Investigators said that out of approximately 10,000 compromised IP addresses, nearly 1,000 belonged to surveillance cameras in Romania — making it the second most affected country after Ukraine itself. Other targeted countries include Poland, Hungary, and Slovakia.
Russian hackers used sophisticated spearphishing tactics — sending personalized emails designed to trick users into revealing their login credentials on fake websites, investigators said.
In some cases, they distributed malware hidden in pornographic material. Once access was gained, attackers could collect sensitive metadata from cameras, including their location, model, software version, and user information.
This access allowed Russian operators to monitor strategic locations in real time, such as border crossings, military installations, train stations, and ports — particularly those involved in transporting aid to Ukraine.
According to the investigation, the goal was to gather intelligence on the routes and timing of Western support deliveries crossing into Ukraine during its fight against Russian forces.
Romania, with its 650-kilometer border with Ukraine, is a key transit country for refugees and aid. Important border points such as Siret, Sighetu Marmației, and Galați, as well as ports on the Danube River, have seen intense activity since the war began more than three years ago.
While the exact routes of military aid remain confidential, the exposure of surveillance infrastructure presents serious security risks.
A significant vulnerability arises from the widespread use of Chinese surveillance cameras (notably Hikvision and Dahua) in Romania, including in government agencies, military, border police, and even Parliament. These brands are banned or restricted in the U.S. and other Western countries due to security concerns but remain prevalent in Romania.
Romanian intelligence services did not participate in the multinational investigation led by the U.S., UK, Germany, France, Poland, Estonia, and the Czech Republic.
In response to inquiries from RSE, the Romanian Ministry of Defense stated that it has “no regulatory or supervisory authority over the installation and operation of surveillance systems by individuals or legal entities in Romania.” However, relevant authorities are taking “necessary measures to prevent unauthorized information collection not intended for public disclosure related to their military units and activities.”
RSE also contacted the Romanian Intelligence Service and the Directorate for Cybersecurity for comment.
