The UK, along with international allies including the United States, Australia, Canada, and New Zealand, has issued a new report supporting Ukraine’s claim that Russian cyber actors have been conducting a malware campaign against the Ukrainian military.
The analysis was published by the National Cyber Security Centre (NCSC) and its international counterparts.
The malware, named “Infamous Chisel,” targets Android devices used by Ukrainian military personnel and enables unauthorised access to compromised devices. According to the report, the malware is designed to “scan files, monitor traffic and periodically steal sensitive information.”
The Security Service of Ukraine (SBU) had initially exposed the malware earlier this month, attributing it to the threat actor known as Sandworm. The NCSC has previously linked Sandworm to Russia’s GRU military intelligence agency.
Deputy Prime Minister Oliver Dowden stated, “As Russia fails on the battlefield, it continues its malicious activity online, making Ukraine one of the most cyber-attacked nations in the world.” He added that through the expertise of NCSC, “the UK is challenging Russia’s cowardly cyber actors and defending Ukraine.”
Paul Chichester, NCSC Director of Operations, noted, “The exposure of this malicious campaign against Ukrainian military targets illustrates how Russia’s illegal war in Ukraine continues to play out in cyberspace.”
This joint report, which is part of an ongoing commitment to support Ukraine against Russian aggression, was issued by agencies including the US National Security Agency (NSA), the US Cybersecurity and Infrastructure Security Agency (CISA), the US Federal Bureau of Investigation (FBI), New Zealand’s NCSC, Canada’s Centre for Cyber Security, and Australia’s Signals Directorate.
Not a big surprise. Hopefully some counter/patch can be issued to stop it.
Security of computers/devices is a never ending battle.
Still puzzling NATS using term ‘rogue data’ over the BHol weekend
I’m fortunate that I hardly ever travel these days. But I think those that do deserve a candid explanation regarding the actual system fault due to the massive effect it had upon them! That’s whether or not any of the usual state suspects were involved.
Russian, Chinese, Iranian and North Korean hackers are pretty good at their state sponsored jobs. South West Ambulance service lost their IT clinical information system to malware nearly 2 months ago. Still hasn’t been brought back on line with reports the system is locked out unless a ransom is paid and the system developers can’t do anything about it.
Until then the crews are back on carbon copy paper charts again.
Just one example. There are probably loads that go little reported and the useless UK government and general public seem blindly unaware of.
I seem to remember the Iranians managing to get into the Israeli water purification system about 18 months ago or so. Once these countries start piddling about in your critical infrastructure its really committing an act of war. North Koreans seem to be mostly in it for the money and have raised millions in doing so. The Chinese look to be infiltrating government, military and science, anything to give them an edge. The Russians seem to be very hybrid with the military and civilian hacking groups working together when required, thats why they seem to be immune to prosecution in Russia.