
deminks

(11,014 posts)
Thu Dec 22, 2016, 06:53 AM

Android Malware Targeting Ukraine 'Ties Russian GRU To Election Hacks'

http://www.forbes.com/sites/thomasbrewster/2016/12/22/android-howitzer-app-gru-hac-of-dnc-russian-link-crowdstrike/#5090b13c2f03

The most convincing evidence yet tying Russia's GRU intelligence agency to the hack of the Democratic National Committee has been found in a bizarre tale involving an Android app developed by a Ukrainian military officer, security firm CrowdStrike claimed today.

The company, which helped the DNC with the investigation of its notorious breach earlier this year, said it had uncovered Android malware used by the so-called Fancy Bear crew in June 2016. Fancy Bear is widely believed to be the group behind the DNC hit as well as the Democratic Congressional Campaign Committee (DCCC) hack.

That spyware was hiding inside an app developed by a Ukrainian artillery officer called Yaroslav Sherstuk, which was designed to help expedite the processing of targeting data for the Soviet-era D-30 Howitzers he was using, CrowdStrike said.

(snip)

Fancy Bear inserted its malware into the apps, which would reveal the location of the host Android phone and allowed Fancy Bear to snoop on infected devices, he said. This may have had a devastating impact on Ukraine's defense, Alperovitch added, pointing to open source research that indicated in two years of conflict over 80 per cent of D-30 howitzers had been destroyed. "This was pretty devastatingly effective," said Alperovitch.

(snip)

But Alperovitch believes this is one of the clearest indicators yet that the hacks on the U.S. election were ordered by the GRU. "It's pretty high confidence that Fancy Bear had to be in touch with the Russian military," he added. "This is exactly what the mission is of the GRU."

(end snip)

edited to add Reuters link:

http://www.reuters.com/article/us-cyber-ukraine-idUSKBN14B0CU

A hacking group linked to the Russian government and high-profile cyber attacks against Democrats during the U.S. presidential election likely used a malware implant on Android devices to track and target Ukrainian artillery units from late 2014 through 2016, according to a new report released Thursday.

The malware was able to retrieve communications and some locational data from infected devices, intelligence that would have likely been used to strike against the artillery in support of pro-Russian separatists fighting in eastern Ukraine, the report from cyber security firm CrowdStrike found.

The findings are the latest to support a growing view among Western security officials and cyber security researchers that Russian President Vladimir Putin has increasingly relied on hacking to exert influence and attack geopolitical foes.

The hacking group, known commonly as Fancy Bear or APT 28, is believed by U.S. intelligence officials to work primarily on behalf of the GRU, Russia's military intelligence agency.

Both the CIA and FBI believe that Fancy Bear and other Russian hackers were responsible for hacks during the election that were intended to help President-elect Donald Trump defeat Hillary Clinton, according to two senior government officials.

(end snip)
kick for visibility deminks Dec 2016 #1