Results 1 to 3 of 3

Thread: tracking artillery unit locations using smartphone malware

  1. #1
    Senior Contributor
    Join Date
    14 Apr 09

    tracking artillery unit locations using smartphone malware

    Russian hackers tracked Ukrainian artillery units using Android smartphone malware implant

    By Dustin Volz
    Dec 22, 2016

    A hacking group linked to the Russian government and high-profile cyber attacks against Democrats during the U.S. presidential election likely used a malware implant on Android devices to track and target Ukrainian artillery units from late 2014 through 2016, according to a new report released Thursday.

    The malware was able to retrieve communications and some locational data from infected devices, intelligence that would have likely been used to strike against the artillery in support of pro-Russian separatists fighting in eastern Ukraine, the report from cyber security firm CrowdStrike found.

    The findings are the latest to support a growing view among Western security officials and cyber security researchers that Russian President Vladimir Putin has increasingly relied on hacking to exert influence and attack geopolitical foes.

    The hacking group, known commonly as Fancy Bear or APT 28, is believed by U.S. intelligence officials to work primarily on behalf of the GRU, Russia's military intelligence agency.

    Both the CIA and FBI believe that Fancy Bear and other Russian hackers were responsible for hacks during the election that were intended to help President-elect Donald Trump defeat Hillary Clinton, according to two senior government officials.

    Russia has repeatedly denied hacking accusations, and Trump has also dismissed the assessments of the U.S. intelligence community.

    The malware used to track Ukrainian artillery units was a variant of the kind used to hack into the Democratic National Committee, CrowdStrike co-founder Dmitri Alperovitch said in an interview. That link, in addition to the high rate of losses sustained by the type of Ukrainian artillery units targeted by hackers, creates high confidence that Fancy Bear was responsible for the implant, he said.

    "This cannot be a hands-off group or a bunch of criminals, they need to be in close communication with the Russian military," Alperovitch said.

    The implant leveraged a legitimate Android application developed by a Ukrainian artillery officer to process targeting data more quickly, CrowdStrike said.

    Its deployment "extends Russian cyber capabilities to the front lines of the battlefield", the report said, and "could have facilitated anticipatory awareness of Ukrainian artillery force troop movement, thus providing Russian forces with useful strategic planning information".

    Downloads of the legitimate app were promoted on pages used by Ukrainian artillery on vKontakte, a Russian social media website, CrowdStrike said. There is no evidence the application was made available in the Android app store, limiting its distribution, the firm said.

    The implant used on the legitimate app appears to be the first observed case of Fancy Bear malware used on the Android platform, according to the report.

    (Reporting by Dustin Volz; Editing by Paul Tait)


  2. #2
    Senior Contributor Doktor's Avatar
    Join Date
    25 Aug 08
    Skopje, Macedonia
    An app for artillery strikes on Play Store?

    Lost for words
    No such thing as a good tax - Churchill

    To make mistakes is human. To blame someone else for your mistake, is strategic.

  3. #3
    Senior Contributor
    Join Date
    05 Sep 06
    Nah, it was a home-coded APK package that you could download from certain forums, called "Correction-D30" in translation. It is claimed up to 9,000 soldiers used it operationally. The software is specifically written for setting up D30 howitzers in the field, i.e. providing the required geolocation of the firing site and performing the necessary calculations for aiming; there are claims that it brings the required processes in this down from five minutes to 15 seconds. The supposed (rather doubtable) success of the alleged Russian operation is in that Ukraine purportedly lost 80% of D30 howitzers in the last two years, while overall for artillery it was "only" 50%. With regard to its truth it should be noted that Dmitri Alperovitch, the guy placing these "news", is a senior fellow of the Atlantic Council.

    The real version is supposedly that Correction-D30 exists and is an app programmed by the Ukrainian Forces only distributed on government-provided tablets (with no wifi) specifically for such D30 operating artillery troops. The majority of D30 howitzers destroyed in Ukraine over "the last two years" were destroyed in professional counter-battery fire near the Russian border in late 2014, before the software was deployed.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Forward Operating Locations (FOL) During The Cold War?
    By Dago in forum Military Aviation
    Replies: 6
    Last Post: 31 Aug 11,, 14:34
  2. New Brigade Combat Team Locations
    By Wraith601 in forum Europe and Russia
    Replies: 4
    Last Post: 27 Jan 06,, 19:37

Share this thread with friends:

Share this thread with friends:

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts