Ukrainian forces tablet computer
A Ukrainian fighter uses a tablet computer. Image: ArmySOS

Ukraine says it thwarted attempt to breach military tablets

Ukrainian security services said they prevented an attempt by Russian state-controlled hackers to break into the battlefield management system used by the Ukrainian military.

According to a technical report published on Tuesday, Russian hackers attempted to infect Ukrainian military networks with at least seven variants of new custom malware.

Ukraine’s security service, the SBU, attributed the attack to the infamous hacking group known as Sandworm, working on behalf of the Russia’s military intelligence agency. The SBU said it was able to stop the operation during the planning phase.

Since the start of the war, Sandworm has been relentlessly targeting Ukraine with various malware strains, primarily intended to disrupt critical networks.

The most recent attack, however, was directed toward gaining access to sensitive information related to the Ukrainian military's operations, whereabouts, equipment and movements, the SBU said.

Russian hackers initially sought to seize Android tablets that the Ukrainian military uses on the battlefield to plan and execute combat missions, according to the report. Through these tablets, hackers wanted to gain access to other connected devices and infect them with malware.

Ukrainian security services said that Russia’s preparation for this cyber operation was “thorough and long.”

In particular, hackers have created at least seven new info-stealing malware strains to infect Android devices, including NETD to conduct internal intelligence, TOR and DROPBEAR to gain remote access to the devices, and DEBLIND to steal data from Android devices.

Another malware strain, labeled STL, can gain access to the devices connected to Starlink satellite internet.

With no other communication networks available, the Ukrainian military depends on satellite internet. Starlink helps Ukrainian soldiers to send encrypted messages to their commanders or connect drones that track and attack Russian forces.

According to the report, Russia was making a strong effort to hide the malware by disguising some as legitimate programs, including some used by people with visual impairments.

The SBU did not disclose which specific military system the hackers primarily aimed for.

Pro-Russia hackers already have made at least one attempt to infect software critical to Ukraine’s military efforts with information-stealing malware. Earlier in December, they tried to compromise the Ukrainian system called Delta — the “eyes” of the country’s armed forces. It collects data on everything happening on the ground, in the sea, in the air, in space, and in cyberspace using drones, satellite images, electronic warfare systems, or surveillance cameras.

At that time, hackers tried to gain initial access to the system using phishing emails.

“Enemy hackers constantly attack the system and its users,” the spokesperson of the innovation department at the Ministry of Defense told Recorded Future News earlier in December.

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
What is Threat Intelligence
No previous article
No new articles
Daryna Antoniuk

Daryna Antoniuk

is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.