GRU Blamed for Infamous Chisel Malware Targeting Ukraine’s Military Phones


The UK and its Five Eyes partners (Australia, Canada, New Zealand and the US) officially support Ukraine’s attribution of Infamous Chisel, a new piece of malware infecting the mobile phones of Ukrainian military personnel, to the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU).

In a joint report published on August 31, 2023, the UK’s National Cyber Security Centre (NCSC) and six partner agencies analyzed Infamous Chisel.

The malware enables unauthorized access, over the Tor network, to compromised Android devices used by the Ukrainian military. It is designed to scan files, monitor traffic and periodically steal sensitive information.

The exfiltrated information is a combination of system device information, commercial application information and information from applications specific to the Ukrainian military.

It also provides remote access by configuring and executing Tor with a hidden service that forwards to a modified Dropbear binary providing an SSH connection.

War in Ukraine Plays Out in Cyberspace

In the report, the seven agencies added that they “are aware that the actor known as Sandworm has used a new mobile malware in a campaign targeting Android devices used by the Ukrainian military.”

This is consistent with the attribution made by the Security Service of Ukraine (SBU) earlier in August, when it first unveiled the campaign using Infamous Chisel.

Cybersecurity agencies in all Five Eyes countries have previously linked Sandworm to the Russian GRU’s Main Centre for Special Technologies (GTsST).

Paul Chichester, NCSC director of operations, said in a statement that this new malicious campaign “illustrates how Russia’s illegal war in Ukraine continues to play out in cyberspace.”

In June, the UK Prime Minister announced that the UK-funded Ukraine Cyber Programme would be boosted by an additional injection of up to £25 million and a two-year expansion to help Ukraine protect its critical national infrastructure and vital public services online.
