Russian hackers tracked Ukrainian artillery units using Android implant: Report

Russian hackers Fancy Bear hack into Ukrainian artillery using android implant

By: Reuters | Washington | Published: December 23, 2016 1:38 pm
Russian hackers, Android malware, Android application, Fancybear malware, International hackers, cyber security, cyber crime, Donald Trump, CIA, FBI,technology, technology news The malware was able to retrieve communications and some location data from infected devices (Image for representation)

A hacking group linked to the Russian government and high-profile cyber attacks against Democrats during the US presidential election likely used a malware implant on Android devices to track and target Ukrainian artillery units from late 2014 through 2016, according to a new report released Thursday.

The malware was able to retrieve communications and some locational data from infected devices, intelligence that would have likely been used to strike against the artillery in support of pro-Russian separatists fighting in eastern Ukraine, the report from cyber security firm CrowdStrike found.

The findings are the latest to support a growing view among Western security officials and cyber security researchers that Russian President Vladimir Putin has increasingly relied on hacking to exert influence and attack geopolitical foes.

The hacking group, known commonly as Fancy Bear or APT 28, is believed by U.S. intelligence officials to work primarily on behalf of the GRU, Russia’s military intelligence agency.

Both the CIA and FBI believe that Fancy Bear and other Russian hackers were responsible for hacks during the election that were intended to help President-elect Donald Trump defeat Hillary Clinton, according to two senior government officials.

Also Read: Cyber attacks on banking a worrying trend: Deputy NSA Arvind Gupta

Russia has repeatedly denied hacking accusations, and Trump has also dismissed the assessments of the US intelligence community.

The malware used to track Ukrainian artillery units was a variant of the kind used to hack into the Democratic National Committee, CrowdStrike co-founder Dmitri Alperovitch said in an interview. That link, in addition to the high rate of losses sustained by the type of Ukrainian artillery units targeted by hackers, creates high confidence that Fancy Bear was responsible for the implant, he said.

“This cannot be a hands-off group or a bunch of criminals, they need to be in close communication with the Russian military,” Alperovitch said.

The implant leveraged a legitimate Android application developed by a Ukrainian artillery officer to process targeting data more quickly, CrowdStrike said.

Also Read: Defence officials on cyber threats: Cyber attacks can cause more damage than conventional forces, say Experts

Its deployment “extends Russian cyber capabilities to the front lines of the battlefield”, the report said, and “could have facilitated anticipatory awareness of Ukrainian artillery force troop movement, thus providing Russian forces with useful strategic planning information”.

Downloads of the legitimate app were promoted on pages used by Ukrainian artillery on vKontakte, a Russian social media website, CrowdStrike said. There is no evidence the application was made available in the Android app store, limiting its distribution, the firm said.

The implant used on the legitimate app appears to be the first observed case of Fancy Bear malware used on the Android platform, according to the report.

For all the latest Technology News, download Indian Express App

    Live Cricket Scores & Results