The Sandworm advanced persistent threat (APT) actor, believed to be supported by Russia's military intelligence agency, the GRU, has been attributed with a cyber attack campaign targeting the Ukrainian military.
The Security Service of Ukraine (SBU) initially uncovered the Infamous Chisel malware family used in this campaign. It specifically targeted Android mobile devices owned by Ukraine's armed forces. Infamous Chisel was designed to gain unauthorized access to compromised devices and to operate through the Tor network. It has the capability to scan files, monitor traffic, and periodically steal sensitive information, including system device information, commercial application information, and data from applications specific to the Ukrainian military.
The malware has been linked to the Russian GRU's Main Centre for Special Technologies (GTsST) and the threat actor Sandworm. Infamous Chisel gains persistence by replacing a legitimate system component with a malicious version, and it uses shell scripts and commands to collect device information and search for specific files. It exfiltrates files over TLS to a hard-coded IP address and port, and it also installs a modified version of the Dropbear SSH client for remote access.
Despite lacking basic obfuscation or stealth techniques, Infamous Chisel poses a serious threat because of the sensitive information it can collect. The UK and international allies have published a report on the malware, demonstrating their commitment to assisting Ukraine in the face of Russian cyber attacks. This report can be found on the National Cyber Security Centre (NCSC) website.
The Infamous Chisel malware campaign, attributed to the Sandworm APT actor supported by Russia's GRU, has targeted the Ukrainian military. The malware's ability to gain unauthorized access, scan files, monitor traffic, and steal sensitive information poses a serious threat. However, the UK and international allies have shown their commitment to assisting Ukraine by publishing a report on the malware. This highlights the importance of mitigating the impacts of cyber attacks and the need for continued vigilance in the face of future threats.