Ukrainian troops using Android mobile devices are coming under attack from Russian hackers, who are using a new kind of malware to try to steal information critical to the ongoing counteroffensive.
Cyber officials from the United States, along with counterparts from Australia, Britain, Canada and New Zealand, issued a warning Thursday about the malware, named Infamous Chisel, which aims to scan files, monitor communications and “periodically steal sensitive information.”
The U.S. Cybersecurity and Infrastructure Security Agency, or CISA, describes the new malware as “a collection of components which enable persistent access to an infected Android device … which periodically collates and exfiltrates victim information.”
A CISA report published Thursday shared additional technical details about the Russian campaign, with officials warning the malware could be employed against other targets.
Thursday’s warning reflects “the need for all organizations to keep their Shields Up to detect and mitigate Russian cyber activity, and the importance of continued focus on maintaining operational resilience under all conditions,” said Eric Goldstein, CISA executive assistant director for cybersecurity, in a statement.
According to the report by the U.S. and its allies, the malware is designed to persist on a device by replacing a legitimate system component with a malicious substitute supplied from outside the device, code that is not itself directly part of the malware.
It also said the malware’s components are of “low to medium sophistication and appear to have been developed with little regard to defense evasion or concealment of malicious activity.”
Ukraine’s SBU security agency first discovered the Russian malware earlier in August, saying it was being used to “gain access to the combat data exchange system of the Armed Forces of Ukraine.”
Ukrainian officials said at the time they were able to launch defensive cyber operations to expose and block the Russian efforts.
An SBU investigation determined that Russia was able to launch the malware attack after capturing Ukrainian computer tablets on the battlefield.
Ukraine attributed the attack to a cyber threat actor known as Sandworm, which U.S. and British officials have previously linked to the GRU, Russia’s military intelligence service.