Menu
The group that hacked the DNC infiltrated Ukrainian artillery units

The group that hacked the DNC infiltrated Ukrainian artillery units

The group distributed a trojanized version of an Android app used by Ukrainian artillery personnel

The cyberespionage group blamed for hacking into the U.S. Democratic National Committee (DNC) earlier this year has also infiltrated the Ukrainian military through a trojanized Android application used by its artillery units.

The group, which is known in the security industry under different names, including Fancy Bear, Pawn Storm, and APT28, has been operating for almost a decade. It is believed to be the sole user and likely developer of a Trojan program called Sofacy or X-Agent that has variants for Windows, Android, and iOS.

Fancy Bear has been responsible for many cyberespionage operations around the world over the years, and its selection of targets has frequently reflected Russia's geopolitical interests. Researchers from security firm CrowdStrike believe the group is likely tied to the Russian Military Intelligence Service (GRU).

The company found an Android application package earlier this year that had been trojanized with the Android version of X-Agent. It is a maliciously modified version of an app developed by Yaroslav Sherstuk, an officer in Ukraine's 55th Artillery Brigade, to help artillery forces more quickly process targeting data for the Soviet-made D-30 howitzer.

Sherstuk previously estimated in media interviews that up to 9,000 Ukrainian artillery personnel have used his application and that it helped reduce the D-30 targeting time from minutes to under 15 seconds, according to CrowdStrike. 

Sherstuk's app has never been distributed through Google Play, meaning its users likely installed it manually after obtaining it from various sources. And with users in the habit of installing apps from alternative sources, Fancy Bear probably didn't have much trouble distributing a trojanized version of the app.

"Successful deployment of the FANCY BEAR malware within this application may have facilitated reconnaissance against Ukrainian troops," the CrowdStrike researchers said Thursday in a blog post. "The ability of this malware to retrieve communications and gross locational data from an infected device makes it an attractive way to identify the general location of Ukrainian artillery forces and engage them."


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Featured

Slideshows

Malwarebytes shoots the breeze with channel, prospects

Malwarebytes shoots the breeze with channel, prospects

A Kumeu, Auckland, winery was the venue for a Malwarebytes event for partner and prospect MSPs - with some straight shooting on the side. The half-day getaway, which featured an archery competition, lunch and wine-tasting aimed at bringing Malwarebytes' local New Zealand and top and prospective MSP partners together to celebrate recent local successes, and discuss the current state of malware in New Zealand. This was also a unique opportunity for local MSPs to learn about how they can get the most out of Malwarebytes' MSP program and offering, as more Kiwi businesses are targeted by malware.

Malwarebytes shoots the breeze with channel, prospects
EDGE 2019: Channel forges new partnerships during evening networking

EDGE 2019: Channel forges new partnerships during evening networking

Partners, vendors and distributors reconnected during a number of social gatherings during EDGE 2019. The first evening saw the channel congregate for a welcome party at the Hamilton Island yacht club, while the main poolside proved to be the perfect stop for a barbecue on the final night.

EDGE 2019: Channel forges new partnerships during evening networking
Show Comments