Russian military hackers have been targeting Ukrainian soldiers’ mobile devices in a bid to steal sensitive battlefield information that could aid the Kremlin’s war on Ukraine, the US and its allies warned Thursday.
The new advisory from the US and its “Five Eyes” allies – Australia, Canada, New Zealand and the United Kingdom – corroborates a report from Ukraine’s SBU security service that found the Russian hackers sought to infiltrate the Android tablets that the Ukrainian military used for “planning and performing combat missions.”
The Russian hackers’ malicious code was designed to steal data sent from soldiers’ mobile devices to the Starlink satellite system made by billionaire Elon Musk’s company, according to the SBU. Starlink satellites have been crucial to Ukraine’s battlefield communications, CNN previously reported.
The news shows how the struggle to control sensitive military data in cyberspace has been a key front in Russia’s full-scale war on Ukraine.
It’s unclear just how successful the hacking effort was. Ukraine’s SBU security service claimed to have “blocked” some of the hacking attempts, but also conceded that the Russians had “captured” the tablets on the battlefield and planted malicious software on them.
“Mobile malware is particularly insidious because it can give intelligence services the physical locations of targets,” said John Hultquist, chief analyst at security firm Mandiant, which is owned by Google. That capability, Hultquist told CNN, can be “extremely effective on the battlefield.”
The hacking campaign comes amid a Ukrainian counteroffensive that has been a slow, grinding fight to push Russian forces back. US officials have expressed private concerns that Ukraine has been unable to make any substantial breakthroughs in months of fighting.
The US and its allies blamed the cyber activity on a notorious hacking unit within Russia’s military intelligence directorate known as Sandworm, which was allegedly responsible for cyberattacks that cut power in Ukraine in 2015 and 2016.
CNN has requested comment from the Russian Embassy in Washington, DC, on the allegations.
The hacking campaign “illustrates how Russia’s illegal war in Ukraine continues to play out in cyberspace,” Paul Chichester, director of operations at the UK’s National Cyber Security Centre, said in a statement.
Pro-Ukraine hackers have also tried to leave their mark on the war. The Ukrainian government has encouraged a loose band of thousands of volunteer hackers to launch attacks on Russian assets in Ukraine and on Russian soil.
The Pentagon hasn’t sat by idly. Cyber Command, the US military’s hacking unit, has conducted offensive cyber operations in support of Ukraine as it defends itself against Russia, Gen. Paul Nakasone, the head of the command, said last year.
Russian intelligence services have pummeled Ukrainian infrastructure with cyberattacks since the start of Moscow’s full-scale invasion of Ukraine in February 2022, according to US officials and private experts. The array of cyberattacks has included data-destroying hacks aimed at Ukrainian energy and transportation infrastructure, among others. While some hacks have forced Ukrainian government agencies and companies into recovery mode, Kyiv’s digital defenses have been resilient.
Some analysts and US officials have attributed the relatively limited impact of Russian hacking – at least compared with the outsize expectation of Russian cyber prowess – during the war to the same disorganization that has plagued Russian kinetic operations. But the true scope and impacts of Russian cyber operations in Ukraine are very difficult to pin down in the fog of war, where both sides have an incentive to exaggerate their successes.
CNN’s Katie Bo Lillis contributed to this report.