Ukraine’s security forces have successfully foiled an attempted cyberattack by Russian state-controlled hackers targeting the Ukrainian military’s battlefield management system.
The attack, attributed to the notorious Sandworm hacking group acting on behalf of Russia’s military intelligence agency, was intercepted during the planning stage, as reported by Ukraine’s security service (SBU). The hackers attempted to breach Ukrainian military networks with multiple variants of newly developed custom malware, including strains like NETD, TOR, DROPBEAR, and DEBLIND, aimed at compromising Android devices.
Notably, the attackers focused their efforts on gaining unauthorized access to sensitive information related to Ukrainian military operations, equipment, whereabouts, and movements.
Specifically, the hackers sought to exploit Android tablets that the military uses for combat missions, in order to infiltrate connected devices with malware. The Ukrainian military’s reliance on Starlink satellite internet for communication played a role: the hackers attempted to access devices connected to this network through a malware strain labeled STL.
The cybersecurity threat posed by the Sandworm group has persisted over time, with multiple instances of malware attacks targeted at Ukraine, including attempts to compromise critical systems like the Delta software, which monitors various aspects of military operations. The SBU noted the hackers’ elaborate attempts to disguise their malware as legitimate software, further underscoring the growing complexity and sophistication of cyber threats.
Despite the successful intervention, Ukraine remains vigilant against ongoing cyberattacks targeting its military systems and personnel.