The U.S. Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), National Security Agency (NSA) and agencies in Australia, Canada, the United Kingdom and New Zealand recently published a joint report on a malware campaign conducted by Russian cyber actors against the Ukrainian military.
The malware analysis report provides technical details of a new kind of malware used to target Android devices in use by Ukrainian military personnel. The malware, called Infamous Chisel, enables unauthorized access to compromised devices and is designed to scan files, monitor traffic and periodically steal sensitive information.
The campaign was publicly uncovered by Ukraine’s security agency, the SBU, earlier this month and has been attributed to the threat actor known as Sandworm. The United Kingdom and the United States have previously attributed Sandworm to the Russian GRU’s Main Centre for Special Technologies (GTsST).