National Cyber Security Centre
Printable version

UK and allies support Ukraine calling out Russia's GRU for new malware campaign

Malware, dubbed Infamous Chisel, enables unauthorised access to compromised Android devices.

  • GCHQ’s National Cyber Security Centre and international partners share technical details about malware used to target Ukrainian military
  • New report supports attribution that the malicious campaign has been carried out by Russian military intelligence service the GRU
  • United show of support follows the Security Service of Ukraine exposing the malware operations earlier this month

THE UK and international allies have published a new report today (Thursday) which supports Ukraine calling out Russian cyber actors responsible for conducting a malware campaign against the Ukrainian military.

The National Cyber Security Centre (NCSC) – a part of GCHQ – and agencies in the United States, Australia, Canada and New Zealand have published analysis of a new kind of malware used to target Android devices in use by Ukrainian military personnel.

The report details how the malware, dubbed Infamous Chisel, enables unauthorised access to compromised devices and is designed to scan files, monitor traffic and periodically steal sensitive information.

The campaign was publicly uncovered by Ukraine’s security agency the SBU earlier this month and has been attributed to the threat actor known as Sandworm.

The NCSC has previously attributed the Sandworm actor to the Russian GRU’s Main Centre for Special Technologies GTsST.

The report's publication today demonstrates the UK and allies' ongoing commitment to support Ukraine in the face of Russian attacks, including in the area of cyber defence.

Paul Chichester, NCSC Director of Operations, said:

“The exposure of this malicious campaign against Ukrainian military targets illustrates how Russia’s illegal war in Ukraine continues to play out in cyberspace.

“Our new report shares expert analysis of how this new malware operates and is the latest example of our work with allies in support of Ukraine’s staunch defence.

“The UK is committed to calling out Russian cyber aggression and we will continue to do so.”

Since Russia's invasion, Ukraine has faced an unprecedented barrage of attacks and has successfully defended itself and bolstered its overall digital resilience with support from international partners in government and industry.

In June, the Prime Minister announced that the UK-funded Ukraine Cyber Programme would be boosted by an additional injection of up to £25 million and a two-year expansion to help Ukraine protect its critical national infrastructure and vital public services online.

The malware analysis report has been jointed issued by the NCSC, the US National Security Agency (NSA), the US Cybersecurity and Infrastructure Security Agency (CISA), the US Federal Bureau of Investigation (FBI), New Zealand’s National Cyber Security Centre (NCSC-NZ), the Canadian Centre for Cyber Security - part of the Communications Security Establishment (CSE) and the Australian Signals Directorate (ASD).

The report can be read in full on the NCSC website. Associated files relating to this report can also be accessed via the NCSC's Malware Analysis Reports page.

Channel website:

Original article link:

Share this article

Latest News from
National Cyber Security Centre