The Russian hacking group Fancy Bear hacked Android devices to track Ukrainian artillery, according to research published by the security company CrowdStrike.
The Malware Used Was X-Agent…
The malware used by the Russian hackers aimed to collect information on the location of Ukraine’s artillery units.
In the summer of 2016, CrowdStrike intelligence analysts began investigating the Android Package (APK) named “Попр-Д30.apk” because it contained a number of Russian-language artifacts that were military in nature. At first, they discovered that the filename was related to the D-30 122mm towed howitzer, an artillery weapon from the Soviet Union in the 1960s that is still in use today.
More in-depth research revealed that the Android application was infected with X-Agent, a remote access toolkit used to reach Android devices that were used for certain features and employed with artillery systems in Ukraine. X-Agent was distributed on Ukrainian military forums and infected the devices of almost 9,000 artillery personnel.
Originally, the application was developed by the Ukrainian artillery officer Yaroslav Sherstuk to reduce targeting time from minutes to less than 15 seconds. Fancy Bear then hacked this application and planted the compromised package, called “Попр-Д30.apk”, in order to retrieve communications and location data from the infected devices. That information was then sent to the Russian army.
Fancy Bear Hackers
The Fancy Bear hackers are a Russian group that mainly targets defense ministries and military officials in the United States, Western Europe, Brazil, China, Iran, and other countries.
What’s more, they have stolen athletes’ medical data from the World Anti-Doping Agency and revealed some disturbing facts about the athletes, while claiming to stand for fair play:
“Greetings citizens of the world. Allow us to introduce ourselves… We are Fancy Bears’ international hack team. We stand for fair play and clean sport.”