Russian malware is infecting Ukraine’s mobile devices, gathering information about Ukrainian military systems in a possible attempt to undermine them, according to a new report.
The “Infamous Chisel” malware is working its way through untold scores of Ukrainian Android devices, according to the report, which was jointly published by agencies in Australia, Canada, New Zealand, the UK, and the United States.
“The malware periodically scans the device for information and files of interest, matching a predefined set of file extensions,” the report says.
“It also contains functionality to periodically scan the local network collating information about active hosts, open ports, and banners.”
Infamous Chisel is known to be used by a threat actor referred to in the cybersecurity community as “Sandworm,” which has been linked to Russia’s foreign military intelligence agency.
It is composed of components that enable persistent access to an infected Android device and that periodically collate and exfiltrate information from the compromised device.
The information it gathers, according to the report, includes system device specs, commercial app data, and data related to applications specific to the Ukrainian military.
The specific targeting of Ukrainian military applications suggests that Russia’s intention is to gain access to and undermine such networks, the report says.
“The searching of specific files and directory paths that relate to military applications and exfiltration of this data reinforces the intention to gain access to these networks,” the report says.
“Although the components lack basic obfuscation or stealth techniques to disguise activity, the actor may have deemed this not necessary, since many Android devices do not have a host-based detection system.”
Russia Seeks Advantage
The discovery of the malware is just the latest in an increasingly bitter struggle between Russian and Ukrainian forces in occupied east Ukraine.
Until recently, both sides were struggling to make much headway, and Ukraine’s much-anticipated counteroffensive appeared to have stalled into something of a stalemate.
The situation has seen an escalation in drone and missile warfare and the targeting of non-military actors by both sides.
To that end, Russia is increasing strikes against civilian infrastructure in Ukraine, including apartment complexes, commercial ports, and food storage facilities.
Moscow has also announced that all ships proceeding to Ukrainian ports in the Black Sea will be considered potential carriers of military cargo for an enemy state, regardless of whether they’re flagged as civilian ships or what nation’s flag they fly.
Ukraine Building Momentum
Ukraine, meanwhile, appears to be turning the tide in what has been a grinding and brutal counteroffensive through hundreds of miles of minefields and fortified enemy positions.
Over the weekend, Ukrainian forces liberated the fortified village of Robotyne in the Zaporizhzhia region.
Robotyne sits on the road between the frontline town of Orikhiv, Ukraine, and the Russian-occupied rail hub of Tokmak. Its strategic placement could give Ukraine further ability to attack key Russian supply lines.
If Ukrainian forces can push from Robotyne into Tokmak, roughly 18 miles south, they could effectively split the Russian forces occupying the region north of the Sea of Azov, cutting off supplies to Russian units located in Kherson and western Zaporizhzhia.
Some among Ukraine’s military leadership believe that Ukraine has now broken through the most difficult of Russia’s defense networks in southern Ukraine.
Intense fighting, miles of minefields, and an increasingly bitter drone and missile campaign remain, however.
U.S. military leadership has accordingly cautioned that there is still much fighting to go.