Russia is pivoting from disruptive cyberattacks to more targeted operations aimed at giving it an advantage on the Ukrainian battlefield.
The U.S. government and its allies on Thursday released a technical breakdown of malware used by the infamous Russian hacking group Sandworm on the battlefield in Ukraine, offering one of the most detailed analyses to date of malicious software used by the Kremlin in military cyber operations against Kyiv.
The joint alert by the Cybersecurity and Infrastructure Security Agency, the National Security Agency, the FBI, and agencies in the Five Eyes intelligence partnership — made up of the United States, the United Kingdom, New Zealand, Canada, and Australia — provides a detailed analysis of malware dubbed “Infamous Chisel,” which the Sandworm hacking group deployed against Android devices belonging to Ukrainian service members in a bid to collect battlefield intelligence.
Use of the malware has been described by Ukrainian officials as a shift in Russia’s use of cyber operations against Ukraine, from disruptive attacks to more targeted collection to help on the battlefield. Sandworm operates from within the Russian Main Intelligence Directorate, or GRU, and is perhaps best known for the cyberattacks against Ukraine’s grid in 2015 and 2016 that disrupted power in the middle of winter.
Infamous Chisel targets Android devices through a collection of components that maintain persistent access over the Tor network while also collecting information. The malware exfiltrates files whose extensions match a predefined list, including .jpeg and .txt, among others. Additionally, the malware gathers system information, scans the local network for active hosts and open ports, and looks for specific Ukrainian military applications. Those military applications were not detailed in the report.