APT-28’s New Playbook: Hack Into Your Cameras, Map Your Defenses, Wait for the Strike

Tejaswini Deshmukh
Tejaswini Deshmukh is the contributing editor of RegTech Times, specializing in defense, regulations and technologies. She analyzes military innovations, cybersecurity threats, and geopolitical risks shaping national security. With a Master’s from Pune University, she closely tracks defense policies, sanctions, and enforcement actions. She is also a Certified Sanctions Screening Expert. Her work highlights regulatory challenges in defense technology and global security frameworks. Tejaswini provides sharp insights into emerging threats and compliance in the defense sector.

A serious warning has been issued by international security agencies: Russian hackers are secretly targeting and accessing surveillance cameras in critical infrastructure. The United States’ NSA and FBI, along with Germany’s Federal Intelligence Service (BND), Federal Office for the Protection of the Constitution (BfV), and the Federal Office for Information Security (BSI), have confirmed that these attacks are real and ongoing.

These threats are linked to a known cyber group called APT-28, also known as “Fancy Bear.” According to Western intelligence services, this group is connected to the Russian military intelligence agency GRU. It is well known for past cyberattacks, including one on a major German political party. Now, it has been caught breaking into networks and spying through IP cameras, especially in companies that manage logistics and transport, which are key parts of a country’s daily operations.

The attackers didn’t just hack a few cameras—they tried to take control of more than 10,000 surveillance devices. These cameras were located in places like Ukraine, Romania, Poland, and Hungary. They are often used to watch buildings, roads, and storage facilities. Once the hackers got inside, they could secretly watch what was happening, study security setups, and prepare for possible future sabotage.

Cameras Turned into Spy Tools

BSI President Claudia Plattner spoke directly about the threat. In an interview with heise online, she warned that these are not random attacks. “We are definitely talking about preparations for sabotage,” she said. The goal, according to Plattner, is to strike at a later time—quickly and without warning.

Cameras are a favorite tool for spies because they’re often easy to hack and give clear views of how secure or unprotected a location is. But Plattner also said that cameras are just the start. The attackers may have also gained access to other devices, user accounts, and entire networks. This means the threat could go far beyond just seeing what’s on a screen.

Once inside a system, hackers can use the camera as a backdoor to explore more. They might be able to open digital doors, shut off alarms, or even disable important safety systems. It’s like unlocking the front door of a house—and then finding out all the other doors inside are unlocked, too.

Security experts worry that most companies don’t even realize they’ve been attacked. Plattner mentioned a very high number of unreported cases, meaning many systems could be compromised without anyone knowing. The attackers are being quiet now—but that silence could be the calm before something bigger.

A Silent Setup for Future Damage

The focus of these attacks is on companies that are part of critical infrastructure—especially those involved in logistics. These are the companies that keep food supplies moving, deliver medical goods, and make sure everything from fuel to mail arrives where it should. If these systems were suddenly shut down or damaged, it could cause confusion and real harm.

Plattner explained that these cyber intrusions are not just data theft or spying. They are strategic moves meant to weaken a country’s ability to respond during a crisis. “Attackers who position themselves in our critical infrastructures do so so that they can strike quickly,” she said.

The BSI and other security authorities have now published a joint advisory. This document gives technical details, warning signs to look for, and steps to take if an attack is suspected. It’s aimed at helping companies protect themselves, but the urgency in the message is clear.

While the names behind the keyboards may remain hidden, the fingerprints of APT-28 and the GRU are all over this digital break-in. Surveillance tools meant to protect people are now being used against them. And as Claudia Plattner warns, the risk isn’t just in what has already been done—but in what could happen next.
