The U.S. Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), National Security Agency (NSA), and agencies in Australia, Canada, United Kingdom, and New Zealand today published a joint report on a malware campaign conducted by Russian cyber actors against the Ukrainian military.
The malware analysis report provides technical details of a new kind of malware used to target Android devices in use by Ukrainian military personnel. The malware, called Infamous Chisel, enables unauthorized access to compromised devices and is designed to scan files, monitor traffic, and periodically steal sensitive information.
“For years, the U.S. Government has been calling out Russian actors who have engaged in a range of malicious cyber activity targeting U.S. and allied partners for cyber espionage and potential disruptive actions,” said CISA Executive Assistant Director for Cybersecurity, Eric Goldstein. “Today’s joint report reflects the value of deep collaboration across our international cyber defense partners, the need for all organizations to keep their Shields Up to detect and mitigate Russian cyber activity, and the importance of continued focus on maintaining operational resilience under all conditions.”
The campaign was publicly uncovered by Ukraine’s security agency, the SBU, earlier this month and has been attributed to the threat actor known as Sandworm. The United Kingdom and the United States have previously attributed Sandworm to the Russian GRU’s Main Centre for Special Technologies (GTsST).
For more information on Russian state-sponsored cyber activity, read Joint Cybersecurity Advisory on Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure and CISA’s Russia Cyber Threat Overview and Advisories webpage.
Related link: