US, Allied Countries Warn Against New Russian Malware Campaign

The United States and its allies have released a joint report on a new malware campaign targeting Android devices used by the Ukrainian military.

According to the report, a Russian military hacking team called Sandworm deployed the Infamous Chisel malware, allowing threat actors to access mobile devices to scrape multiple files containing credentials and key information. The malware also enables the group to collect GPS, IP interface configuration, and hardware data and perform IP scanning of the local network to discover other devices.

The Security Service of Ukraine exposed the malware campaign in August, linking it to Sandworm, the U.S. National Security Agency said.

The U.S. Cybersecurity and Infrastructure Security Agency, NSA and FBI; the U.K. National Cyber Security Centre; New Zealand’s National Cyber Security Centre; the Canadian Centre for Cyber Security; and the Australian Signals Directorate issued the joint report to raise awareness of the Infamous Chisel malware and provide network defenders guidance on protecting systems against threat actors.

Sandworm is known for targeting critical systems, including the energy sector. In 2020, the U.S. Department of Justice charged six Russian intelligence officers, believed to be part of the hacking group, for deploying destructive malware that took down the Ukraine power grid in December 2015 and enabled ransomware attacks on Ukrainian computer systems in 2017. 

Rob Joyce, NSA’s cybersecurity director, said Russia is using the cyber domain to further its war against Ukraine.