View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
September 1, 2023

‘Infamous Chisel’ hacking tools developed by Russian hackers to target Ukraine, says Five Eyes

The suite of tools has been used to spy on Ukrainian soldiers on the battlefield. The gang behind it is closely linked to the Russian government.

By Claudia Glover

A suite of Android hacking tools dubbed ‘Infamous Chisel’ is reportedly being deployed by cybercriminals to access tablets being used by the Ukrainian army on the battlefield. The tools have been developed by a hacking gang with close ties to the Russian government, according to a new report from by the UK’s National Cyber Security Centre (NCSC) and its allies in the Five Eyes security alliance.

Hacking tools are being used by GRU to hack into Ukrainian battlefield tablets, say Five Eyes. (Photo by Kutsenko Volodymyr/Shutterstock)

The tools in Infamous Chisel have been used by the GRU, Russia’s military intelligence services, to access Android devices of Ukrainian military officials in a bid to garner military information by scanning files, monitoring traffic and periodically stealing sensitive information, according to Ukrainian intelligence agency the SBU.

Hacking tools Infamous Chisel used by GRU to access Ukrainian military intelligence

The joint report was released on Thursday by the Five Eyes, an intelligence alliance comprising the UK, Australia, Canada, New Zealand and the US. It attributes the tools in Infamous Chisel to the hacking group Sandworm, which is known to be directly linked to intelligence services within the Russian government. 

According to the report, the tools are being used by the GRU to access crucial military data from Ukrainian devices in an effort to gain the upper hand in the war that began with Russia’s invasion of Ukraine in February 2022.

The hacking campaign was first disclosed by the SBU earlier this month. The agency announced in its own report that it had detected and deflected numerous intrusion attempts by Russian state-controlled cybercriminals trying to break into Ukraine’s battlefield management system. 

“Since the first days of the full-scale war, we have been fending off cyberattacks of Russian intelligence services aiming to break our military command system and more,” said Illia Vitiuk, head of the SBU Cyber Security Department, at the time. “The operation we have carried out now is the cyber defence of our forces.”

The results of the investigation allowed the SBU to conclude that Russia had captured Ukrainian tablets on the battlefield to spread malware and mine intelligence. Ukraine has identified numerous malware samples designed to extract information from the system.

Content from our partners
Rethinking cloud: challenging assumptions, learning lessons
DTX Manchester welcomes leading tech talent from across the region and beyond
The hidden complexities of deploying AI in your business

The info-stealing malware strains targeting Android devices include NETD, which conducts internal intelligence, TOR and DROPBEAR, which gain remote access into devices as well as DEBLIND, which steals the data. 

Russia using ‘low sophistication’ hacking tools against Ukraine

The NCSC has deemed the cyber tools to be low to medium sophistication. “They appear to have been developed with little regard to defence evasion or concealment of malicious activity,” the report says. “Even with the lack of concealment functions, these components present a serious threat because of the impact of the information they can collect.”

By publishing the joint report, the Five Eyes nations say they are demonstrating an ongoing commitment to support Ukraine in the face of Russian attacks, particularly in the area of cyber defence. 

“The UK is committed to calling out Russian cyber aggression and we will continue to do so,” explains Paul Chichester, NCSC director of operations. “Our new report shares expert analysis of how this new malware operates and is the latest example of our work with allies in support of Ukraine’s staunch defence.”

Chichester added that the “exposure of this malicious campaign against Ukrainian military targets illustrates how Russia’s illegal war in Ukraine continues to play out in cyberspace”.

Read more: Treat large language AI models like a ‘beta’ product – NCSC

Topics in this article :
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.