The Ukrainian artillery units seem to have been sitting ducks for the Russian army. The reason: Android malware. Analysis by the cyber security firm CrowdStrike reveals that Russian Military Intelligence (GRU) possibly had access to the location and communications of the Ukrainian artillery units managing their D-30 122mm towed howitzers through Android malware named Попр-Д30.apk. The GRU is suspected to have carried out this cyberespionage operation through a group nicknamed Fancy Bear. This group, which had earlier called itself Advanced Persistent Threat 28, has also been linked to many of Russia’s other cyberespionage activities, including the recent hacking of the US Democratic National Committee.
Russia’s access to the D-30 howitzer information probably caused the Ukrainian artillery forces to lose more than 80% of their D-30 howitzers, and more than 50% of their weapons overall, during their 2 years of conflict with Russia.
Russia has drastically escalated its cyberwarfare programs. In this cyber attack, it made use of a previously unseen variant of X-Agent as the Android mobile malware. X-Agent, delivered here as Попр-Д30.apk, is a cross-platform remote access toolkit, with many variants already in use on Windows systems. Fancy Bear is suspected to have developed a unique variant that was implanted in a legitimate Android app used by the Ukrainian artillery to operate their D-30 howitzers. This Android app had been developed by Yaroslav Sherstuk, an officer of the Ukrainian artillery. The app is claimed to reduce the firing time of the D-30 howitzer from minutes to within seconds. Though there were around 9000 users of the app, it is not commonly available on Android app stores.
Fancy Bear covertly distributed the X-Agent Android malware implant within Sherstuk’s legitimate Android application on Ukrainian military forums. Believing the app to be authentic, Ukrainian officers downloaded it for its time-saving benefits. However, the X-Agent implant in the app retrieved communications and location data from the Android device, which helped Fancy Bear to identify and track the location of the device, and hence the location of the D-30 howitzers. This knowledge of the movement of the Ukrainian artillery units gave Russia a drastic upper hand in the military engagement, which led to massive losses for the Ukrainian military.
The age of cyberwarfare has arrived. Russia has upped its cyberespionage operations, and it claims that other countries have too. With no missiles fired or bombs dropped, cyberwarfare seems to be more potent, covert and dangerous than other types of warfare. Cyberwarfare is the way of war of the future.