Joint Report Reveals Russian Cyber Campaign Targeting Ukrainian Military with Infamous Chisel Malware

A joint report published by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), National Security Agency (NSA), and agencies from Australia, Canada, the United Kingdom, and New Zealand sheds light on a malware campaign conducted by Russian cyber actors against the Ukrainian military.

The malware analysis report delves into the technical intricacies of a newly discovered malware strain named “Infamous Chisel.” This malware is specifically designed to target Android devices used by Ukrainian military personnel. Infamous Chisel’s capabilities include providing unauthorized access to compromised devices, scanning files, monitoring network traffic, and periodically exfiltrating sensitive information.

Eric Goldstein, CISA’s Executive Assistant Director for Cybersecurity, emphasized the importance of international collaboration in addressing cyber threats. He stated, “Today’s joint report reflects the value of deep collaboration across our international cyber defense partners, the need for all organizations to keep their Shields Up to detect and mitigate Russian cyber activity, and the importance of continued focus on maintaining operational resilience under all conditions.”

This campaign was brought to public attention by Ukraine’s security agency, the SBU, earlier this month and is attributed to the threat actor known as Sandworm. The United Kingdom and the United States have previously linked Sandworm to the Russian GRU’s Main Centre for Special Technologies (GTsST).

This revelation underscores that Russian cyber actors continue to engage in malicious activity, not only targeting the U.S. and its allies but also expanding their reach to international partners. The report serves as a warning about the evolving tactics and capabilities of state-sponsored threat actors.

For more comprehensive information regarding Russian state-sponsored cyber activities, interested parties can refer to the Joint Cybersecurity Advisory on Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure and CISA’s Russia Cyber Threat Overview and Advisories webpage.

About CISA

As the nation’s foremost cyber defense agency and the national coordinator for critical infrastructure security, the Cybersecurity and Infrastructure Security Agency (CISA) plays a pivotal role in comprehending, managing, and mitigating risks to the digital and physical infrastructure that Americans rely on every day, around the clock.

https://www.cisa.gov//news-events/news/us-and-international-partners-release-report-russian-cyber-actors-using-infamous-chisel-malware

