- 5 easy ways to transfer photos from your Android device to your Windows PC
- How to get Google's new Pixel 9a for free
- Just installed iOS 18.4? Changing these 3 features made my iPhone much better to use
- 7 strategic insights business and IT leaders need for AI transformation in 2025
- The most underrated robot vacuum I've ever tested is now 60% off
GRU Blamed for Infamous Chisel Malware Targeting Ukraine’s Military
The UK and its Five Eyes partners (Australia, Canada, New Zealand and the US) officially support Ukraine’s attribution of Infamous Chisel, a new piece of malware infecting Ukraine’s military personnel’s mobile phones, to the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU).
In a joint report published on August 31, 2023, the UK’s National Cyber Security Centre (NCSC) and six partner agencies analyzed Infamous Chisel.
The malware enables unauthorized access to compromised Android devices used by the Ukrainian military over the Tor network. It is designed to scan files, monitor traffic and periodically steal sensitive information.
The information exfiltrated is a combination of system device information, commercial application information and applications specific to the Ukrainian military.
It also provides remote access by configuring and executing Tor with a hidden service that forwards to a modified Dropbear binary providing an SSH connection.
War in Ukraine Plays Out in Cyberspace
In the report, the seven agencies added that they “are aware that the actor known as Sandworm has used a new mobile malware in a campaign targeting Android devices used by the Ukrainian military.”
This correlates to the Security Service of Ukraine’s (SBU) attribution earlier in August when it first unveiled the campaign using Infamous Chisel.
Cybersecurity agencies in all Five Eyes countries have previously linked Sandworm to the Russian GRU’s Main Centre for Special Technologies (GTsST).
Paul Chichester, NCSC director of operations, said in a statement that this new malicious campaign “illustrates how Russia’s illegal war in Ukraine continues to play out in cyberspace.”
In June, the UK Prime Minister announced that the UK-funded Ukraine Cyber Programme would be boosted by an additional injection of up to £25 million and a two-year expansion to help Ukraine protect its critical national infrastructure and vital public services online.
