The fighting on the ground in Ukraine is so fierce that both sides are trying every trick in the playbook to get the upper hand.
On the defensive, the Russian military is hard-pressed by Ukrainian forces in southern Ukraine and the Donbas.
In an attempt to relieve some of that pressure, the Russians are using a cyberweapon to locate and spy on Ukrainian troops on the frontlines.
In August, Western signals and cyber intelligence services came out with a report detailing how the Russian military and intelligence agencies use malware to hack the phones of Ukrainian troops.
Designated “Infamous Chisel,” the cyberweapon is used to collect data from the Android devices of Ukrainian forces.
“The malware periodically scans the device for information and files of interest, matching a predefined set of file extensions. It also contains functionality to periodically scan the local network, collating information about active hosts, open ports and banners,” the report states.
The malware specifically targets Android mobile devices.
The report was co-signed by several Western agencies, including the U.K. National Cyber Security Centre (NCSC), the U.S. National Security Agency (NSA), the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the U.S. Federal Bureau of Investigation (FBI), New Zealand’s National Cyber Security Centre (NCSC-NZ), the Canadian Centre for Cyber Security, and the Australian Signals Directorate (ASD).
“The malware, referred to as ‘Infamous Chisel’, has been used by the Russian cyber threat group known as Sandworm. NCSC has previously attributed Sandworm to the Russian General Staff Main Intelligence Directorate’s (GRU) Main Centre for Special Technologies (GTsST),” the British Military Intelligence assessed in an estimate on the war.
One of the malware’s functions is to provide persistent access: the device has to be compromised once, after which the operators can return to it at will instead of re-exploiting it on every access (an update to the device may break that foothold). It then collects and exfiltrates data from the compromised Android device, which can include data from the applications the Ukrainian forces use for targeting.
Compromising that targeting data means Russian forces could both avoid incoming long-range fires and strike the Ukrainian systems that deliver them. This matters because long-range fires, artillery and rockets, have been the single deadliest source of casualties on the battlefield for both sides.
“Infamous Chisel has highly likely been used with the aim of stealing sensitive military information. This activity demonstrates Russia’s continued use of cyber capabilities to support the invasion of Ukraine,” the British Military Intelligence added.
The malware can also monitor the local network and collect its traffic.
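The network scanning the report describes, periodically collating active hosts, open ports and banners, leaves a footprint a defender can hunt for: one source on the local network opening short connections to many hosts and many ports in a short window, and doing so again at regular intervals. The following is an added example, not code from the report, the article or the malware: a small scan-burst detector run over a constructed connection log. The log line format (timestamp, source, destination:port), the thresholds and the sample traffic are all assumptions made for the illustration.

```python
"""Flag scan-like fan-out from a device on a local network (added example).

Heuristic: within a 60-second window, a source that touches at least MIN_HOSTS
distinct hosts and MIN_PORTS distinct ports looks like a host/port sweep; if
such bursts recur at regular intervals, the sweep is periodic. Thresholds and
log format are assumptions, not values from the NCSC report.
"""
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)
MIN_HOSTS = 4   # assumption: distinct destination hosts inside one window
MIN_PORTS = 5   # assumption: distinct destination ports inside one window


def parse_log(text):
    """Parse 'ISO-timestamp src dst:port' lines into (ts, src, dst, port)."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst_port = line.split()
        dst, port = dst_port.rsplit(":", 1)
        events.append((datetime.fromisoformat(ts), src, dst, int(port)))
    events.sort(key=lambda e: e[0])  # stable: per-source order stays by time
    return events


def find_scan_bursts(events, window=WINDOW, min_hosts=MIN_HOSTS, min_ports=MIN_PORTS):
    """Return {src: [burst start times]} for sources whose connections within
    any `window` reach both the host and the port threshold."""
    by_src = defaultdict(list)
    for ts, src, dst, port in events:
        by_src[src].append((ts, dst, port))
    bursts = {}
    for src, conns in by_src.items():
        starts, i = [], 0
        while i < len(conns):
            t0, j, hosts, ports = conns[i][0], i, set(), set()
            while j < len(conns) and conns[j][0] - t0 <= window:
                hosts.add(conns[j][1])
                ports.add(conns[j][2])
                j += 1
            if len(hosts) >= min_hosts and len(ports) >= min_ports:
                starts.append(t0)
                i = j          # the whole burst is accounted for; move past it
            else:
                i += 1
        if starts:
            bursts[src] = starts
    return bursts


def is_periodic(starts, tolerance=timedelta(seconds=30)):
    """True if three or more bursts recur at roughly the same interval."""
    if len(starts) < 3:
        return False
    gaps = [b - a for a, b in zip(starts, starts[1:])]
    return all(abs(g - gaps[0]) <= tolerance for g in gaps[1:])


def report(text):
    """Summarise flagged sources: number of bursts and whether they are periodic."""
    starts_by_src = find_scan_bursts(parse_log(text))
    return {src: {"bursts": len(st), "periodic": is_periodic(st)}
            for src, st in starts_by_src.items()}


def build_sample_log():
    """Constructed sample traffic (not real data): 10.0.0.23 behaves normally,
    10.0.0.42 sweeps five local hosts on five ports every 30 minutes."""
    base = datetime(2023, 8, 31, 10, 0, 0)
    lines = []
    for m in range(0, 90, 7):                       # benign DNS/HTTPS to the gateway
        t = (base + timedelta(minutes=m)).isoformat()
        lines += [f"{t} 10.0.0.23 10.0.0.1:53", f"{t} 10.0.0.23 10.0.0.1:443"]
    for k in range(3):                              # three sweeps, 30 minutes apart
        t0, n = base + timedelta(minutes=30 * k), 0
        for host in range(1, 6):
            for port in (22, 80, 443, 445, 8080):
                t = (t0 + timedelta(seconds=n // 3)).isoformat()
                lines.append(f"{t} 10.0.0.42 10.0.0.{host}:{port}")
                n += 1
    return "\n".join(lines)


if __name__ == "__main__":
    for src, info in report(build_sample_log()).items():
        print(f"{src}: {info['bursts']} scan bursts, periodic={info['periodic']}")
```

On the constructed log only 10.0.0.42 is flagged, with three bursts at a regular 30-minute interval; the benign phone never exceeds one host and two ports in a window. Real deployments would feed this from router, firewall or NetFlow exports and tune the thresholds to the size of the subnet.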
Cyber Operations in the Ukraine War
Before the war, many expected a Russian invasion of Ukraine to bring sweeping cyberattacks against Ukraine and the West. Apart from some cyber operations in support of kinetic attacks, however, there was no cyber Armageddon.
Today, both sides use cyber operations in support of ground troops fighting on the frontlines. Electronic warfare and cyber operations play an unseen but large part in day-to-day combat. Both sides depend heavily on unmanned aerial systems and indirect fire to attack each other, but electronic warfare and cyber operations can counter drones and incoming munitions, disrupt the communications of forces on the ground, and add to the confusion of war.
A 19FortyFive Defense and National Security Columnist, Stavros Atlamazoglou is a seasoned defense journalist specializing in special operations and a Hellenic Army veteran (national service with the 575th Marine Battalion and Army HQ). He holds a BA from the Johns Hopkins University, an MA from the Johns Hopkins’ School of Advanced International Studies (SAIS), and is pursuing a J.D. at Boston College Law School. His work has been featured in Business Insider, Sandboxx, and SOFREP.