Thursday 31 Aug 2023 @ 16:15
National Cyber Security Centre
Printable version

UK and allies support Ukraine calling out Russia's GRU for new malware campaign

Malware, dubbed Infamous Chisel, enables unauthorised access to compromised Android devices.

  • GCHQ’s National Cyber Security Centre and international partners share technical details about malware used to target Ukrainian military
  • New report supports attribution that the malicious campaign has been carried out by Russian military intelligence service the GRU
  • United show of support follows the Security Service of Ukraine exposing the malware operations earlier this month

THE UK and international allies have published a new report today (Thursday) which supports Ukraine calling out Russian cyber actors responsible for conducting a malware campaign against the Ukrainian military.

The National Cyber Security Centre (NCSC) – a part of GCHQ – and agencies in the United States, Australia, Canada and New Zealand have published analysis of a new kind of malware used to target Android devices in use by Ukrainian military personnel.

The report details how the malware, dubbed Infamous Chisel, enables unauthorised access to compromised devices and is designed to scan files, monitor traffic and periodically steal sensitive information.

The campaign was publicly uncovered by Ukraine’s security agency the SBU earlier this month and has been attributed to the threat actor known as Sandworm.

The NCSC has previously attributed the Sandworm actor to the Russian GRU’s Main Centre for Special Technologies GTsST.

The report's publication today demonstrates the UK and allies' ongoing commitment to support Ukraine in the face of Russian attacks, including in the area of cyber defence.

Paul Chichester, NCSC Director of Operations, said:

“The exposure of this malicious campaign against Ukrainian military targets illustrates how Russia’s illegal war in Ukraine continues to play out in cyberspace.

“Our new report shares expert analysis of how this new malware operates and is the latest example of our work with allies in support of Ukraine’s staunch defence.

“The UK is committed to calling out Russian cyber aggression and we will continue to do so.”

Since Russia's invasion, Ukraine has faced an unprecedented barrage of attacks and has successfully defended itself and bolstered its overall digital resilience with support from international partners in government and industry.

In June, the Prime Minister announced that the UK-funded Ukraine Cyber Programme would be boosted by an additional injection of up to £25 million and a two-year expansion to help Ukraine protect its critical national infrastructure and vital public services online.

The malware analysis report has been jointed issued by the NCSC, the US National Security Agency (NSA), the US Cybersecurity and Infrastructure Security Agency (CISA), the US Federal Bureau of Investigation (FBI), New Zealand’s National Cyber Security Centre (NCSC-NZ), the Canadian Centre for Cyber Security - part of the Communications Security Establishment (CSE) and the Australian Signals Directorate (ASD).

The report can be read in full on the NCSC website. Associated files relating to this report can also be accessed via the NCSC's Malware Analysis Reports page.

Channel website: https://www.ncsc.gov.uk/

Original article link: https://www.ncsc.gov.uk/news/uk-allies-support-ukraine-calling-out-russia-gru-malware-campaign

Share this article

Latest News from
National Cyber Security Centre

Statement on major IT outage

19/07/2024 16:30:00

Following the global IT outage on Friday 19 July, affected organisations should put in place vendor mitigations. The NCSC is also warning about an increase in related phishing.

NCSC Chief Engineer recognised in prestigious Women in Engineering awards

10/07/2024 16:05:00

The NCSC’s Chief Engineer has been named as one of the top 50 Women in Engineering at a prestigious awards ceremony.

National Cyber Security Centre CTO: The tech market isn't working

15/05/2024 14:10:00

Ollie Whitehouse will say in his keynote speech that companies globally know how to build resilient, secure technology, but the market does not incentivise them to do so.

New laws to protect consumers from cyber criminals come into force in the UK

29/04/2024 14:22:00

From today, regulations enforcing consumer protections against hacking and cyber-attacks will take effect, mandating that internet-connected smart devices meet minimum-security standards by law.

NCSC enters new partnership for PDNS delivery

17/04/2024 13:05:00

The National Cyber Security Centre announces new partnership to deliver the Protective Domain Name System (PDNS) service.

UK holds China state-affiliated organisations and individuals responsible for malicious cyber activity

26/03/2024 10:31:00

UK calls out pattern of malicious cyber activity by Chinese state-affiliated organisations and individuals targeting democratic institutions and parliamentarians.

NCSC and partners issue warning about state-sponsored cyber attackers hiding on critical infrastructure networks

08/02/2024 11:05:00

GCHQ’s National Cyber Security Centre and partners share details of how threat actors are using built-in tools to camouflage themselves on victims’ systems.

Business leaders urged to toughen up cyber attack protections

24/01/2024 13:12:00

New guidelines to help directors and business leaders boost their resilience against cyber threats.

Exploitation of vulnerabilities affecting Ivanti Connect Secure and Ivanti Policy Secure

15/01/2024 10:15:00

Organisations are encouraged to take immediate action to mitigate vulnerabilities affecting Ivanti Connect Secure (ICS) and Ivanti Policy Secure (IPS) gateways (CVE-2023-46805 and CVE-2024-21887), and follow the latest vendor advice.