World NewsEuropeRussia-Ukraine War

Russian Malware on Ukrainian Mobile Devices Seeks Access to Military Applications

Save
Russian Malware on Ukrainian Mobile Devices Seeks Access to Military Applications
A Russian flag is seen on a laptop screen in front of a computer screen displaying cyber code. Kacper Pempel/Reuters
Andrew Thornebrooke
Updated:
0:00

Russian malware is infecting Ukraine’s mobile devices, gathering information about Ukrainian military systems in a possible attempt to undermine them, according to a new report.

The “Infamous Chisel” malware is working its way through untold scores of Ukrainian Android devices, according to the report, which was jointly published by agencies in Australia, Canada, New Zealand, the UK, and the United States.

“The malware periodically scans the device for information and files of interest, matching a predefined set of file extensions,” the report says.

“It also contains functionality to periodically scan the local network collating information about active hosts, open ports, and banners.”

Infamous Chisel is known to be leveraged by a threat actor known in the cybersecurity community as “Sandworm,” which has been linked to Russia’s foreign military intelligence agency.

It is composed of components that enable persistent access to an infected Android device, and which periodically collates and gets information from the compromised device.

Related Stories
Ukraine Drones Target 6 Regions of Russia as Kyiv Comes Under ‘Massive’ Attack
8/30/2023
Ukraine Drones Target 6 Regions of Russia as Kyiv Comes Under ‘Massive’ Attack
Ukraine Liberates Key Town of Robotyne in Russia-Occupied East
8/28/2023
Ukraine Liberates Key Town of Robotyne in Russia-Occupied East

The information it gathers, according to the report, includes system device specs, commercial app data, and that related to applications specific to the Ukrainian military.

The specific targeting of Ukrainian military applications suggests that Russia’s intention is to gain access to and undermine such networks, the report says.

“The searching of specific files and directory paths that relate to military applications and exfiltration of this data reinforces the intention to gain access to these networks,” the report says.

“Although the components lack basic obfuscation or stealth techniques to disguise activity, the actor may have deemed this not necessary, since many Android devices do not have a host-based detection system.

Russia Seeks Advantage 

The discovery of the malware is just the latest in an increasingly bitter struggle between Russian and Ukrainian forces in occupied east Ukraine.
Until recently, both sides were struggling to make much headway, and Ukraine’s much-anticipated counteroffensive appeared to have stalled into something of a stalemate.

The situation has seen an escalation in drone and missile warfare and the targeting of non-military actors by both sides.

To that end, Russia is increasing strikes against civilian infrastructure in Ukraine, including apartment complexes, commercial ports, and food storage facilities.
Moscow has also announced that all ships proceeding to Ukrainian ports in the Black Sea will be considered potential carriers of military cargo for an enemy state, regardless of whether they’re flagged as civilian ships or what nation’s flag they fly.

Ukraine Building Momentum

Ukraine, meanwhile, appears to be turning the tide in what has been a grinding and brutal counteroffensive through hundreds of miles of minefields and fortified enemy positions.
Over the weekend, Ukrainian forces liberated the fortified village of Robotyne in the Zaporizhzhia region.

Robotyne sits on the road between the frontline town of Orikhiv, Ukraine, and the Russian-occupied rail hub of Tokmak. Its strategic placement could give Ukraine further ability to attack key Russian supply lines.

If Ukrainian forces can push from Robotyne into Tokmak, roughly 18 miles south, they could effectively split the Russian forces occupying the region north of the Sea of Azov, cutting off supplies to Russian units located in Kherson and western Zaporizhzhia.

Some among Ukraine’s military leadership believe that Ukraine has now broken through the most difficult of Russia’s defense networks in southern Ukraine.

Intense fighting, miles of minefields, and an increasingly bitter drone and missile campaign remain, however.

U.S. military leadership has cautioned as such that there is still much fighting to go.
Andrew Thornebrooke
Andrew Thornebrooke
National Security Correspondent
Andrew Thornebrooke is a national security correspondent for The Epoch Times covering China-related issues with a focus on defense, military affairs, and national security. He holds a master's in military history from Norwich University.
twitter
Related Topics