CNN –
Russian military hackers have targeted Ukrainian soldiers’ mobile devices to steal sensitive battlefield information that could aid the Kremlin’s war on Ukraine, the United States and its allies warned on Thursday.
The new advisory from the United States and its “Five Eyes” allies – Australia, Canada, New Zealand and the United Kingdom – confirms a report from the Ukrainian security service SBU, which found that the Russian hackers tried to infiltrate the Android tablets that the Ukrainian military used for “planning and conduct of combat missions.”
According to the SBU, the Russian hackers’ malicious code was designed to steal data sent from soldiers’ mobile devices to the Starlink satellite system owned by billionaire Elon Musk’s company. According to CNN, Starlink satellites were vital for communications on the Ukraine battlefield.
The news shows that the battle to control sensitive military data in cyberspace represents a key front in Russia’s all-out war against Ukraine.
It is unclear how successful the hacker attack was. Ukraine’s security service, the SBU, claimed to have “blocked” some of the hacking attempts, but also acknowledged that the Russians had “hijacked” the battlefield tablets and installed malware on them.
“Mobile malware is particularly insidious because it can provide intelligence agencies with the physical locations of targets,” said John Hultquist, principal analyst at Google-owned security firm Mandiant. This ability, Hultquist told CNN, can be “extremely effective on the battlefield.”
The hacking campaign comes amid a Ukrainian counteroffensive, which has been a slow, bitter battle to push back Russian forces. U.S. officials have expressed private concerns that Ukraine has been unable to make significant breakthroughs in months of fighting.
The U.S. and its allies blamed the cyber activity on a notorious hacking unit within Russian military intelligence called Sandworm, which was allegedly responsible for cyberattacks that led to power outages in Ukraine in 2015 and 2016.
CNN has reached out to the Russian Embassy in Washington, DC for comment on the allegations.
The hacking campaign “shows how Russia’s illegal war in Ukraine continues to play out in cyberspace,” Paul Chichester, head of operations at Britain’s National Cyber Security Center, said in a statement.
Pro-Ukrainian hackers have also tried to put their stamp on the war. The Ukrainian government has encouraged a loose group of thousands of volunteer hackers to launch attacks on Russian assets in Ukraine and on Russian soil.
The Pentagon has not stood idly by. Cyber Command, the U.S. military’s hacking unit, has conducted offensive cyber operations to help Ukraine defend itself against Russia, Gen. Paul Nakasone, the command’s chief, said last year.
Russian intelligence services have been targeting Ukrainian infrastructure with cyberattacks since Moscow’s all-out invasion of Ukraine began in February 2022, according to U.S. officials and private experts. Numerous cyberattacks included data-destroying hacks targeting Ukraine’s energy and transportation infrastructure. While some hacks have forced Ukrainian government agencies and businesses into recovery mode, Kiev’s digital defenses have proven resilient.
Some analysts and U.S. officials have attributed the relatively limited impact of Russian hacking attacks during the war — at least compared to the outsized expectations of Russian cyber capabilities — to the same disorganization that has plagued Russian kinetic operations. But the true extent and impact of Russian cyber operations in Ukraine are very difficult to determine in the fog of war, where both sides have an incentive to exaggerate their successes.