A Ukrainian serviceman works with a tablet as he takes cover from bombing by Russian forces inside a building during a patrol in Bakhmut, Ukraine, in February 2023.
AP Photo/Evgeniy Maloletka
Russian hackers breached devices Ukraine was using on the battlefield, Western intel agencies said.
The Five Eyes alliance, which includes the US, said information was stolen but not how much.
The hacking campaign targeted Android devices used by the Ukrainian military, they said.
Russian hackers used malware to get Ukrainians’ battlefield data from their Android devices, a group of Western intelligence agencies said.
The information was published jointly on Thursday by the Five Eyes alliance, made up of the US, UK, Australia, Canada, and New Zealand.
The US Cybersecurity and Infrastructure Security Agency (CISA), NSA, and FBI announced the news in a Thursday statement alongside partner agencies.
They said they discovered that malware that can “steal sensitive information” was being used in a campaign targeting Android devices used by the Ukrainian military. They said Russia was to blame.
They did not say how much data was taken, or give much detail on what type.
They said some of the data taken had “applications specific to the Ukrainian military.”
The statement said the malware used is known as “Infamous Chisel.” It described it as a “new mobile malware targeting Android devices that has capabilities to enable unauthorized access to compromised devices, scan files, monitor traffic, and periodically steal sensitive information.”
The intelligence agencies attributed the malware to Sandworm, part of Russia’s GRU military-intelligence agency.
Sandworm was previously blamed for attacks on Ukraine’s power grid during Russia’s invasion as well as earlier attacks on its grid, on South Korea’s Olympic games in 2018, and on multiple US hospitals.
The UK’s deputy prime minister said Russia was pursuing the hacking strategy to make up for failures on the battlefield.
The Five Eyes agencies’ announcement backs up Ukraine’s claim that Russia was hacking its battlefield tech.
Ukraine said in early August that it had blocked Russian efforts to hack into Ukraine’s military networks and gather data.
Ukraine’s security service, the SBU, said it was able to stop Russia “from gaining access to sensitive information, including the activity of the Armed Forces, deployment of the Defense Forces, their technical provision, etc.”
It made claims about what Russia was not able to access, but did not detail what it was able to get.
Ukraine said Russia “captured” some of its tablets on the battlefield, and then put the malware on them.
Ukraine uses tablets for multiple purposes on the battlefield, including work with drones.
John Hultquist, chief analyst at security firm Mandiant, told CNN “mobile malware is particularly insidious because it can give intelligence services the physical locations of targets.”
The SBU said last month that GRU spy software was trying to find out troop movements from Elon Musk’s Starlink satellites by putting malware on the tablets. The Five Eyes agencies did not comment on this claim.