The joint cyber-security advisory said Fancy Bear had targeted organisations linked to critical infrastructure including ports, airports, air traffic management and the defence industry.
These were in 12 mainland European countries and the US.
The hackers used a combination of techniques to gain access, the report said, including guessing passwords.
Another method used is called spearphishing, where fake emails are targeted at specific people who have access to systems.
They are presented with a fake page where they enter their login details, or encouraged to click a link which then installs malicious software.
“The subjects of spearphishing emails were diverse and ranged from professional topics to adult themes,” the report said.
A vulnerability in Microsoft Outlook was also exploited to collect credentials “via specially crafted Outlook calendar appointment invitations”.
These kinds of techniques have been “a staple tactic of this group for over a decade,” Rafe Pilling, director of threat intelligence at Sophos Counter Threat Unit, said.
Camera access “would assist in the understanding of what goods were being transported, when, in what volumes and support kinetic [weapons] targeting,” he added.
Cyber security firm Dragos told the BBC it had been tracking hacking activity linked to that reported by the NCSC.
It’s chief executive Robert M. Lee said that the hackers it followed were not only interested in gaining a foothold in corporate computer networks but would infiltrate industrial control systems where they would be able to “steal important intellectual property and insights for espionage, or position themselves for disruptive attacks”.
