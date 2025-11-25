Russian hackers target US engineering firm because of work done for Ukrainian sister city

FILE - US and Ukrainian national flags wave to commemorate American volunteers, who were killed in battles with Russian troops defending Ukraine, their names are on flags, at the improvised war memorial in Independence square in Kyiv, Ukraine, Sept. 27, 2024. (AP Photo/Efrem Lukatsky, File) Copyright 2024 The Associated Press. All rights reserved

By David Klepper, The Associated Press

Posted November 25, 2025 8:54 am.

Last Updated November 25, 2025 9:08 am.

WASHINGTON (AP) — Hackers working for Russian intelligence attacked an American engineering company this fall, investigators at a U.S. cybersecurity company said Tuesday — seemingly because that firm had worked for a U.S. municipality with a sister city in Ukraine.

The findings reflect the evolving tools and tactics of Russia’s cyber war and demonstrate Moscow’s willingness to attack a growing list of targets, including governments, organizations and private companies that have supported Ukraine, even in a tenuous way.

Arctic Wolf, the U.S. cybersecurity firm that identified the Russian campaign, wouldn’t identify its customer or the city it worked with to protect their security, but said the company had no direct connection to Russia’s invasion of Ukraine. However, the group behind the attack, known to cybersecurity experts as RomCom, has consistently targeted groups with links to Ukraine and its defense against Russia.

“They routinely go after organizations that support Ukrainian institutions directly, provide services to Ukrainian municipalities, and assist organizations tied to Ukrainian civil society, defense, or government functions,” said Ismael Valenzuela, Arctic Wolf’s vice president of labs, threat research and intelligence.

The attack on the engineering firm was identified by Arctic Wolf in September before it could disrupt the engineering company’s operations or spread further.

A message left with officials at the Russian Embassy in Washington seeking comment was not immediately returned.

Many towns and cities around the world enjoy sister-city relationships with other communities, using the program to offer social and economic exchanges. Several U.S. cities, including Chicago, Baltimore, Albany, N.Y. and Cincinnati, have sister-city relationships with communities in Ukraine.

The campaign in September came just a few weeks after the FBI warned that hackers linked to Russia were seeking to break into U.S. networks as a way to burrow into important systems or disrupt critical infrastructure. According to the latest bulletin from the U.S. Cybersecurity and Infrastructure Security Agency, the Russia-aligned hackers have multiple motives: disrupting aid and military supplies to Ukraine, punishing businesses with ties to Ukraine, or stealing military or technical secrets.

Last month, the Digital Security Lab of Ukraine and investigators at SentinelOne, a U.S. cybersecurity firm, exposed a speedy and sprawling cyberattack on relief groups supporting Ukraine, including the International Red Cross and UNICEF. That hacking campaign used fake emails impersonating Ukrainian officials that sought to fool users into infecting their own computers by clicking on malicious links.

The investigators at SentinelOne stopped short of attributing the attack to the Russian government but noted that the operation targeted groups working on Ukrainian assistance and required six months to plan. The “highly capable adversary” behind the campaign, the investigators determined, is “an operator well-versed in both offensive tradecraft and defensive detection evasion.”

David Klepper, The Associated Press

Submit a Correction
Accessibility Feedback

Top Stories

Missing Toronto mother last seen at Burlington home later investigated as drug lab

Irma Galastica’s disappearance in 2024 didn’t garner much attention. There were no police media briefings or wall-to-wall coverage of her last known activities, no publicized search and no appeals...
Toronto man charged in $1M Ontario lottery heist — group play betrayal alleged

A Toronto man is facing criminal charges after allegedly claiming a $1 million Lotto Max Free Play ticket that investigators say should have been split among a group of three. The Ontario Provincial...

8m ago

Toronto homicide unit investigating after man dies from gunshot wounds in hospital

Toronto police say a man has died of his injuries after he was brought to a hospital suffering from gunshot wounds. Police at 31 Division say the man arrived at a hospital just before 5:30 a.m. on Tuesday....

49m ago

9-vehicle collision blocks lane on Hwy. 401 at Dixon Road

Drivers heading westbound on Highway 401 through Toronto are facing delays Tuesday morning after a nine-vehicle collision near Dixon Road. Ontario Provincial Police (OPP) confirm the incident was reported...

2h ago

Top Stories

Missing Toronto mother last seen at Burlington home later investigated as drug lab

Irma Galastica’s disappearance in 2024 didn’t garner much attention. There were no police media briefings or wall-to-wall coverage of her last known activities, no publicized search and no appeals...
Toronto man charged in $1M Ontario lottery heist — group play betrayal alleged

A Toronto man is facing criminal charges after allegedly claiming a $1 million Lotto Max Free Play ticket that investigators say should have been split among a group of three. The Ontario Provincial...

8m ago

Toronto homicide unit investigating after man dies from gunshot wounds in hospital

Toronto police say a man has died of his injuries after he was brought to a hospital suffering from gunshot wounds. Police at 31 Division say the man arrived at a hospital just before 5:30 a.m. on Tuesday....

49m ago

9-vehicle collision blocks lane on Hwy. 401 at Dixon Road

Drivers heading westbound on Highway 401 through Toronto are facing delays Tuesday morning after a nine-vehicle collision near Dixon Road. Ontario Provincial Police (OPP) confirm the incident was reported...

2h ago

Most Watched Today

2:42
Proposed class action lawsuit targets major club operators in Toronto entertainment district

Citing the recent arrest of a club promoter with a criminal sexual history, a Toronto lawyer is attempting to certify a class action lawsuit against major club operators in Toronto

1h ago

4:13
Premier Ford tells protester to 'go find a job' as controversial housing bill passes

A dramatic vote at Queen's Park as the premier was forced to face tenants and advocates opposing Bill 60. As Tina Yazdani reports, the housing minister is defending the contentious legislation.

15h ago

2:48
Ontario passes housing Bill 60, protesters attempt to disrupt vote

Despite much opposition from housing advocates and renters, the Ford government passed the controversial housing Bill 60 which is set to impose major changes to the province's eviction system.

21h ago

1:24
Two people missing confirmed dead in Brampton house fire: Peel police

Peel Regional Police confirmed out of the three people originally unaccounted for, two have been confirmed dead but one has been found safe. Authorities confirmed the total number of people killed in the fire is five.

20h ago

2:55
"This is a safety issue": Consumer calls out automaker after delayed fix following recall

A woman in Niagara Falls reached out to Speakers Corner after her driver's side seatbelt became completely detached. She's now pushing the automaker to speed up the repair process. Pat Taney reports.

21h ago

More Videos