National Cyber Security Centre
UK and allies support Ukraine calling out Russia's GRU for new malware campaign
Malware, dubbed Infamous Chisel, enables unauthorised access to compromised Android devices.
- GCHQ’s National Cyber Security Centre and international partners share technical details about malware used to target Ukrainian military
- New report supports attribution that the malicious campaign has been carried out by Russian military intelligence service the GRU
- United show of support follows the Security Service of Ukraine exposing the malware operations earlier this month
THE UK and international allies have published a new report today (Thursday) which supports Ukraine calling out Russian cyber actors responsible for conducting a malware campaign against the Ukrainian military.
The National Cyber Security Centre (NCSC) – a part of GCHQ – and agencies in the United States, Australia, Canada and New Zealand have published analysis of a new kind of malware used to target Android devices in use by Ukrainian military personnel.
The report details how the malware, dubbed Infamous Chisel, enables unauthorised access to compromised devices and is designed to scan files, monitor traffic and periodically steal sensitive information.
The campaign was publicly uncovered by Ukraine’s security agency the SBU earlier this month and has been attributed to the threat actor known as Sandworm.
The NCSC has previously attributed the Sandworm actor to the Russian GRU’s Main Centre for Special Technologies GTsST.
The report's publication today demonstrates the UK and allies' ongoing commitment to support Ukraine in the face of Russian attacks, including in the area of cyber defence.
Paul Chichester, NCSC Director of Operations, said:
“The exposure of this malicious campaign against Ukrainian military targets illustrates how Russia’s illegal war in Ukraine continues to play out in cyberspace.
“Our new report shares expert analysis of how this new malware operates and is the latest example of our work with allies in support of Ukraine’s staunch defence.
“The UK is committed to calling out Russian cyber aggression and we will continue to do so.”
Since Russia's invasion, Ukraine has faced an unprecedented barrage of attacks and has successfully defended itself and bolstered its overall digital resilience with support from international partners in government and industry.
In June, the Prime Minister announced that the UK-funded Ukraine Cyber Programme would be boosted by an additional injection of up to £25 million and a two-year expansion to help Ukraine protect its critical national infrastructure and vital public services online.
The malware analysis report has been jointed issued by the NCSC, the US National Security Agency (NSA), the US Cybersecurity and Infrastructure Security Agency (CISA), the US Federal Bureau of Investigation (FBI), New Zealand’s National Cyber Security Centre (NCSC-NZ), the Canadian Centre for Cyber Security - part of the Communications Security Establishment (CSE) and the Australian Signals Directorate (ASD).
Latest News from
National Cyber Security Centre
UK exposes attempted Russian cyber interference in politics and democratic processes08/12/2023 10:29:00
The UK condemns Russia’s sustained attempts at political interference in the UK and globally.
UK and allies expose Russian intelligence services for cyber campaign of attempted political interference07/12/2023 14:25:00
The UK and allies call out the Russian Intelligence Services for a campaign of malicious cyber activity attempting to interfere in UK politics and democratic processes
NCSC launches Cyber Incident Exercising scheme06/12/2023 15:25:00
New CIE assured providers give organisations support to create structured table-top or live-play cyber incident exercises.
UK and Republic of Korea issue warning about DPRK state-linked cyber actors attacking software supply chains23/11/2023 16:05:00
Joint advisory observes cyber actors leveraging zero-day vulnerabilities and exploits in third-party software.
NCSC warns of enduring and significant threat to UK's critical infrastructure16/11/2023 10:05:00
The NCSC's seventh Annual Review raises awareness of the increasingly unpredictable threat landscape.
UK and Singapore secure agreement against ransomware payments03/11/2023 10:22:00
Members of the CRI have signed a joint statement pledging that central government funds should not be used to pay ransoms to cyber criminals.
Categorising UK cyber incidents23/08/2023 16:20:00
Explaining the NCSC and UK law enforcement categorisation model for cyber incidents.
NCSC Cyber Incident Response scheme now available to more organisations16/08/2023 13:10:00
Help investigating and recovering from cyber attack now available from a larger pool of assured providers.