Russian hackers have successfully breached the technology used by Ukraine on the battlefield, stealing data from Android devices, as reported by Western intelligence agencies.
The Five Eyes alliance, composed of the US, UK, Australia, Canada, and New Zealand, jointly disclosed this information.
In a statement released on Thursday by the US Cybersecurity and Infrastructure Security Agency (CISA), NSA, and FBI, along with partner agencies, it was revealed that malware capable of “stealing sensitive information” was deployed in a campaign targeting Android devices utilized by the Ukrainian military. Russia was identified as the responsible party.
The extent of the data stolen and specific details regarding the incident were not disclosed. However, it was mentioned that some of the compromised data included applications specific to the Ukrainian military.
The malware responsible for this breach is known as “Infamous Chisel.” It is a new mobile malware designed for Android devices, equipped with the ability to gain unauthorized access to compromised devices, scan files, monitor traffic, and periodically extract sensitive information.
Intelligence agencies attributed this malware to Sandworm, a unit of Russia’s GRU military intelligence agency. Sandworm has previously been implicated in cyberattacks on Ukraine’s power grid during Russia’s invasion, as well as earlier attacks on South Korea’s Olympic Games in 2018 and multiple US hospitals.
The Deputy Prime Minister of the UK suggested that Russia was resorting to hacking strategies to compensate for failures on the battlefield, echoing Ukraine’s claims of Russian attempts to hack its military networks.
Ukraine had reported in early August that it had thwarted Russian hacking attempts on its military networks, preventing access to sensitive information related to the Armed Forces and defense operations.
It was revealed that Russia had obtained some of Ukraine’s tablets on the battlefield and planted malware on them. Ukraine relies on tablets for various battlefield functions, including drone operations.
John Hultquist, the chief analyst at security firm Mandiant, emphasized the threat posed by mobile malware, as it can reveal the physical locations of targets to intelligence services.
Furthermore, Ukraine’s security service (SBU) alleged that GRU spy software attempted to access troop movements using Elon Musk’s Starlink satellites by installing malware on tablets. The Five Eyes agencies did not comment on this claim.