Daily Management Review

Report says Android Implant was used by Russian Hackers to Track Ukrainian Artillery Units


12/22/2016




A hacking group linked to the Russian government and to high-profile cyber attacks against Democrats during the U.S. presidential election likely used a malware implant on Android devices to track and target Ukrainian artillery units from late 2014 through 2016, according to a new report released on Thursday.
 
The report from cyber security firm CrowdStrike found that the malware was able to retrieve communications and some locational data from infected devices, intelligence that would likely have been used to strike against the artillery in support of pro-Russian separatists fighting in eastern Ukraine.
 
The findings in the latest report tend to support the growing view among Western security officials and cyber security researchers that Russian President Vladimir Putin has increasingly relied on hacking to exert influence and attack geopolitical foes.
 
The hacking group is known commonly as Fancy Bear or APT 28 and is believed by U.S. intelligence officials to work primarily on behalf of the GRU, Russia's military intelligence agency.
 
Both the CIA and FBI believe that Fancy Bear and other Russian hackers were responsible for hacks during the election that were intended to help President-elect Donald Trump defeat Hillary Clinton, the media reported, quoting two senior government officials.
 
Russia has repeatedly denied hacking accusations, and Trump has also dismissed the assessments of the U.S. intelligence community.
 
CrowdStrike co-founder Dmitri Alperovitch said in an interview that the malware used to track Ukrainian artillery units was a variant of the kind used to hack into the Democratic National Committee. He said that link, in addition to the high rate of losses sustained by the type of Ukrainian artillery units targeted by hackers, creates high confidence that Fancy Bear was responsible for the implant.
 
"This cannot be a hands-off group or a bunch of criminals, they need to be in close communication with the Russian military," Alperovitch said.
 
CrowdStrike said that the implant leveraged a legitimate Android application developed by a Ukrainian artillery officer to process targeting data more quickly.
 
Its deployment "extends Russian cyber capabilities to the front lines of the battlefield", the report said, and "could have facilitated anticipatory awareness of Ukrainian artillery force troop movement, thus providing Russian forces with useful strategic planning information".
 
CrowdStrike said that pages used by Ukrainian artillery on vKontakte, a Russian social media website, were used to promote downloads of the legitimate app. The firm said that its distribution was limited, as there is no evidence the application was made available in the Android app store.
 
The implant used on the legitimate app appears to be the first observed case of Fancy Bear malware used on the Android platform, according to the report.
 
(Source: www.reuters.com)