CROWDSTRIKE GLOBAL INTELLIGENCE TEAM
web: WWW.CROWDSTRIKE.COM | twitter: @CROWDSTRIKE
Copyright 2016
USE OF FANCY BEAR
ANDROID MALWARE IN TRACKING OF
UKRAINIAN FIELD ARTILLERY UNITS
PUBLISHED DECEMBER 22
KEY POINTS
• From late 2014 and through 2016, the FANCY BEAR X-Agent implant
was covertly distributed on Ukrainian military forums within a
legitimate Android application developed by Ukrainian artillery
officer Yaroslav Sherstuk.
• The original application enabled artillery forces to more rapidly
process targeting data for the Soviet-era D-30 Howitzer employed
by Ukrainian artillery forces, reducing targeting time from
minutes to under 15 seconds. According to Sherstuk’s interviews
with the press, over 9000 artillery personnel have been using
the application in the Ukrainian military.
• Successful deployment of the FANCY BEAR malware within
this application may have facilitated reconnaissance against
Ukrainian troops. The ability of this malware to retrieve
communications and gross locational data from an infected
device makes it an attractive way to identify the general location
of Ukrainian artillery forces and engage them.
• Open source reporting indicates that Ukrainian artillery forces
have lost over 50% of their weapons in the 2 years of conflict and
over 80% of D-30 howitzers, the highest percentage of loss of any
artillery piece in Ukraine's arsenal.
• This previously unseen variant of X-Agent represents FANCY
BEAR’s expansion in mobile malware development from iOS-
capable implants to Android devices, and reveals one more
component of the broad spectrum approach to cyber operations
taken by Russia-based actors in the war in Ukraine.
• The collection of such tactical artillery force positioning
intelligence by FANCY BEAR further supports CrowdStrike’s
previous assessments that FANCY BEAR is likely affiliated with
the Russian military intelligence (GRU), and works closely with
Russian military forces operating in Eastern Ukraine and its
border regions in Russia.
BACKGROUND
In late June and August 2016, CrowdStrike Intelligence provided initial
reporting and technical analysis of a variant of the FANCY BEAR implant
X-Agent that targeted the Android mobile platform.[2] CrowdStrike
identified this X-Agent variant within a legitimate Android application
named Попр-Д30.apk. This app was developed and used by artillery
troops to simplify targeting data for the D-30 towed howitzer. CrowdStrike's
investigation reveals that this app has been utilized in a possible training
or operational role in at least one unit of the Ukrainian military. Therefore,
the implant likely targeted military artillery units operating against pro-
Russian separatists in Eastern Ukraine.
This implant represents further advancements in FANCY BEAR’s
development of mobile malware for targeted intrusions and extends
Russian cyber capabilities to the front lines of the battlefield. This Tipper
builds on CrowdStrike’s previous reporting by providing a timeline
of events, contextual discussion regarding the potential drivers for
development and deployment of the malware, and a description of the
analytical process resulting in targeting assessments. Finally, this Tipper
leverages these assessments, in conjunction with more recently observed
activity by Russia-based adversaries, to determine the potential for any
future activity in the mobile malware threat space.
TIMELINE OF EVENTS
[Figure: two-panel timeline, January 2013 to December 2014 and January 2015 to December 2016. The placement of individual events on the time axis is not recoverable from the extracted text.]
Time-frame bands shown:
• Likely Russia-based reconnaissance of Ukrainian government and/or military targets
• Armed conflict in Ukraine
• Malicious app distribution
• Possible development time frame: malicious X-Agent implant inject for Попр-Д30, late April 2013 - early December 2014
• Malicious app development, deployment, and usage time frame: late April 2013 - and beyond
Legend (event categories):
• Events associated with the Android app
• International Events or Diplomacy Efforts
• Ukrainian Domestic Affairs
• Targeted Intrusion, DDoS or Disinformation
• Russian / Ukrainian Confrontation
Events labelled on the 2013-2014 panel:
• Попр-Д30 developed, 20 Feb - 13 Apr
• Individual believed to be the developer promotes Android App on Russian Social Media Site vKontakte
• Ukraine’s Parliament convenes and plans to lay foundation for EU Association Agreement
• Kremlin threatens Ukraine over EU agreement
• UKR Pres. Yanukovych does about face on planned EU agreement, orients towards Russia
• Protest movement begins in Kiev
• Anon Ops vs. Ukraine Gov’t Websites - Defacements and DDoS
• Russia offers Ukraine loans and discounts on gas
• Protests reach their peak, gov’t cracks down violently; agreement reached for elections; Yanukovich flees to Russia
• Armed men appear in unmarked uniforms in Crimea
• Referendum on Crimea/Crimean annexation
• DDoS vs. NATO
• CyberBerkut Emerges
• Gazprom increases gas prices, Ukraine skips payment
• Pro-Russian forces begin seizing government resources in Eastern Ukraine
• Intrusions into Ukraine’s Transportation Sector
• Intrusion against Ukraine’s Central Election Commission
• Presidential Elections in Ukraine
• Malaysia Air Flight MH17 destroyed by pro-Russian Separatists
• Minsk I Ceasefire Signed
• DDoS and targeted intrusions in media, financial, political entities in Ukraine
• Malicious App Observed in Distribution on Forums
• Video depicting use of Попр-Д30 application in eastern Ukraine
• Earliest public reporting on the Android App developed by the Ukrainian soldier
Events labelled on the 2015-2016 panel:
• Developer of benign app promoted within Ukrainian military
• Pro-Russian Hacktivist Group Sprut Emerges
• Crimea lacks electricity after physical attack
• Cyber attacks against Ukrainian power stations
• Attack on Kiev Airport System
• Reported testing period for ArtOS
• News story associating app author as head of the ArtOS project, a joint endeavor with the Noosphere Engineering School
• Forums discussing the app and claiming to be associated with the developers; users are called out as fraudulent; some users claim copy apps are distributing malware
• First Minsk Ceasefire Collapses
• Minsk II Protocol signed
• Targeted intrusions against Ukraine’s Ministry of Defense
• CyberBerkut Releases Info Associated With Claimed Intrusion into Ukraine’s Security Service SBU
• CyberBerkut Defaces Bellingcat Website
DEVELOPMENT AND DISTRIBUTION PROCESS
OF THE BENIGN APPLICATION
The original application central to this discussion, Попр-Д30.apk, was
initially developed domestically within Ukraine by a member of the 55th
Artillery Brigade. Based on the file creation timestamps as well as the
app signing process, which occurred on 28 March 2013, CrowdStrike has
determined that the app was developed sometime between 20 February
and 13 April 2013.
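The dating approach described above (bounding an app's build window from file timestamps and signing time), as an added example that is not CrowdStrike's tooling or code from the report. It reads the per-entry timestamps stored in an APK's ZIP container and, as an assumption, uses the timestamps of the META-INF signature files as a stand-in for signing time; the sample archive, its file names and all dates are constructed.

```python
import io
import zipfile
from datetime import datetime

# JAR-style (v1) signature files live under META-INF/ with these suffixes.
SIGNATURE_SUFFIXES = (".SF", ".RSA", ".DSA", ".EC")
# Timestamps from before Android existed are build-tool placeholders,
# not evidence of when a file was produced.
EARLIEST_PLAUSIBLE = datetime(2008, 1, 1)

# Constructed sample: names and dates are invented for illustration.
SAMPLE_ENTRIES = [
    ("AndroidManifest.xml", (2020, 3, 2, 9, 30, 0)),
    ("res/layout/main.xml", (2020, 3, 20, 11, 0, 0)),
    ("classes.dex", (2020, 4, 18, 16, 45, 10)),
    ("resources.arsc", (1980, 1, 1, 0, 0, 0)),      # zeroed by a build tool
    ("META-INF/MANIFEST.MF", (2020, 4, 20, 8, 0, 0)),
    ("META-INF/CERT.SF", (2020, 4, 20, 8, 0, 2)),
    ("META-INF/CERT.RSA", (2020, 4, 20, 8, 0, 2)),
    ("assets/late.bin", (2020, 5, 1, 12, 0, 0)),    # dated after signing
]


def build_sample_apk(entries):
    """Build an in-memory ZIP standing in for an APK (constructed data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, date_time in entries:
            zf.writestr(zipfile.ZipInfo(name, date_time=date_time), b"constructed")
    return buf.getvalue()


def apk_timeline(apk_bytes):
    """Bound the build window of an APK from its ZIP entry timestamps.

    ZIP timestamps are local time with 2-second resolution and are trivially
    forgeable, so the result is corroborating evidence, not proof.
    """
    content, signing, ignored = {}, {}, []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for info in zf.infolist():
            try:
                stamp = datetime(*info.date_time)
            except ValueError:              # all-zero DOS date field
                ignored.append(info.filename)
                continue
            if stamp < EARLIEST_PLAUSIBLE:  # placeholder value, skip it
                ignored.append(info.filename)
                continue
            upper = info.filename.upper()
            is_signature = upper.startswith("META-INF/") and upper.endswith(
                SIGNATURE_SUFFIXES
            )
            (signing if is_signature else content)[info.filename] = stamp

    signed_at = max(signing.values()) if signing else None
    return {
        "first_content": min(content.values()) if content else None,
        "last_content": max(content.values()) if content else None,
        "signed_at": signed_at,
        # Entries dated later than the signature files deserve a closer look.
        "newer_than_signature": sorted(
            name for name, stamp in content.items()
            if signed_at is not None and stamp > signed_at
        ),
        "ignored": sorted(ignored),
    }


if __name__ == "__main__":
    timeline = apk_timeline(build_sample_apk(SAMPLE_ENTRIES))
    for key, value in timeline.items():
        print(f"{key}: {value}")
```

Running the same function over a reference copy and a forum-distributed copy of an app gives two timelines to compare; a differing signing time is a prompt to check the signing certificate itself.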
Shortly after that time frame, on 28 April 2013, an individual bearing the
same name as the application’s developer promoted the application
on Russian vKontakte[3] pages associated with the artillery forces. The
promotion of the program was likely limited to social media, and the
distribution was controlled from the author’s main page, «Програмное
обеспечение современного боя» (translation: Modern combat software).[4]
As an additional control measure, the program was only activated for
use after the developer was contacted and issued a code to the individual
downloading the application.
No evidence of the application has been observed on the Android app
store, making it unlikely that the app was distributed via that platform.
The control measures established by the developer to limit the use and
proliferation of the Попр-Д30.apk application, coupled with its unique
purpose, make its broad distribution on the Android store improbable.
At the time of this writing, it is unclear to what degree and for how
long this specific application was utilized by the entirety of the
Ukrainian Artillery Forces. Based on open source reporting, social
media posts, and video evidence, CrowdStrike assesses that Попр-Д30.apk
was potentially used through 2016 by at least one artillery unit operating
in eastern Ukraine.
RECONNAISSANCE, DEVELOPMENT AND DISTRIBUTION
OF THE MALICIOUS APPLICATION
RECONNAISSANCE
Given the estimated development timeframe and the promotional period
for the benign Попр-Д30.apk application, the program was likely available
online for distribution after late April 2013. CrowdStrike Intelligence
assesses that the application likely came to the attention of Russia-
based adversaries around this time frame as a result of ongoing Russian
reconnaissance associated with the revolution in Ukraine. Actors with a
nexus to Russia regularly monitor social media sites in order to better
understand or formulate operations against their targets.
CrowdStrike Intelligence has noted instances in which some Russia-based
actors and attribution front groups have leveraged information obtained
from Ukrainian social media sites in order to perform operations. The
most notable recent example of this was in the case of extortion-based
threats directed against the Polish Government.[5] In this particular case,
the perpetrators likely sought out openly available account information
from a vKontakte page belonging to a Ukrainian citizen, who was soliciting
donations to aid volunteer soldiers fighting in eastern Ukraine. The adversary
then used this profile information, in conjunction with the name Pravyy
Sector, to make it appear as though the extortion threats against the Polish
government were originating from an ultranationalist Ukrainian group.
CrowdStrike has assessed that by performing this type of deceptive
operation the perpetrator likely sought to make it appear as though
Ukrainian interests were threatening the Polish government. In addition,
because the individual account hijacked for this operation had been used to
try to raise funds for Ukrainian forces, the adversary may have been trying to
aggravate Western governments enough to freeze the individual’s accounts.
The attack did not appear to achieve its intended result. Poland rebuffed the
threats, and the owner of the vKontakte page denounced any involvement
in the threat. Subsequently the Pravyy Sector group scrubbed their social
media page of much of the information associated with this failed operation.
This particular incident is an example of how a disinformation operation is
staged. While this incident is not likely to be related to the development of
the X-Agent Android variant, it demonstrates the reconnaissance and pre-planning
tactics that precede the rest of a campaign.
DEVELOPMENT AND DISTRIBUTION
CrowdStrike has discovered indications that as early as 2015 FANCY BEAR
likely developed X-Agent applications for the iOS environment, targeting
jailbroken Apple mobile devices. The use of the X-Agent implant in the
original Попр-Д30.apk application appears to be the first observed case
of FANCY BEAR malware developed for the Android mobile platform. On 21
December 2014 the malicious variant of the Android application was first
observed in limited public distribution on a Russian language, Ukrainian
military forum. A late 2014 public release would place the development
timeframe for this implant sometime between late-April 2013 and early
December 2014.
During that proposed development timeframe, a number of significant
events unfolded between Ukraine, Russia, and the international
community. Most notably, Russian attempts to influence Ukrainian-EU
relations resulted in the large-scale Maidan protest movement, eventually
resulting in the ouster of then-president Victor YANUKOVYCH, the invasion
and annexation of the Crimean Peninsula by Russia, and the protracted
armed conflict in eastern Ukraine. Therefore, the creation of an application
that targets some of the front line forces pivotal in Ukrainian defense
on the eastern front would likely be a high priority for Russian adversary
malware developers seeking to turn the tide of the conflict in their favor.
CrowdStrike Intelligence has assessed that the distribution of the
malicious application targeted the very artillery units for which the benign
application was developed—brigades operating in eastern Ukraine on the
frontlines of the conflict with Russian-backed separatist forces during
the early stages of the conflict in late-2014. This assessment is based on a
number of factors, but chief among them is the likelihood that a military
member would only trust and use an application designed to calculate
something as critical as targeting data if it was developed and promoted
by a member of their own forces. The type of operational activity described
here suggests an extremely sophisticated understanding of the target that
only a skilled adversary would likely possess.
By late December 2014, the total number of Russian forces in the region
was approximately 10,000 troops.[6] Because the Android malware could
facilitate gross position information, its successful deployment could
have facilitated anticipatory awareness of Ukrainian artillery force troop
movement, thus providing Russian forces with useful strategic planning
information. Indeed, the 55th Artillery Brigade and similar artillery units
operated frequently against pro-Russian separatists in eastern Ukraine.
A video posted on 18 October 2015[7] specifically shows them employing the
Попр-Д30.apk application and operating in the vicinity of eastern Ukraine.
The choice of the Russian language character set in the application further
underscores the targeting of forces within eastern Ukraine, as Russian is the
predominant language utilized in that region. An assessment of languages
spoken by region based on the most recent census information illustrates
the permeation of the Russian language in that region and highlights the
value of providing Russian in the malicious Попр-Д30.apk application.
One alternative theory regarding the use of the Russian language in the
application could be that targeting may have been directed at pro-Russian
forces operating in eastern Ukraine. A relevant and likely counterargument for this theory, however, is that Russian
forces likely have employed fire support systems and other technologies that can already calculate targeting data,
negating the need for an application to perform this task. Additionally, the application was initially developed by a
member of the Ukrainian army. An opposing force would probably not adopt technology developed by the enemy for use
on the battlefield.
OUTCOMES AND CONCLUSION
The eastern Ukrainian front has been markedly impacted by heavy fighting involving Russian troops and pro-Russian
rebel fighters deployed to this region. Artillery forces on both sides of the conflict have served an important role. For
Ukrainian troops, artillery forces have also shouldered a heavy cost. Open-source reporting indicates losses of almost
50% of equipment in the last 2 years of conflict amongst Ukrainian artillery forces and over 80% of D-30 howitzers were
lost, far more than any other piece of Ukrainian artillery.[9]
Between July and August 2014, Russian-backed forces launched some of the most decisive attacks against Ukrainian
forces, resulting in significant loss of life, weaponry, and territory. According to open sources, Ukrainian service
personnel from the 24th and 72nd Mechanized Brigades, as well as the 79th Airborne Brigade, were among the units to
have suffered casualties. International monitoring groups later assessed some of the attacks were likely to have come
from inside Russian territory.[10]
A malware-infected Попр-Д30.apk application probably could not have provided all the necessary data required to
directly facilitate the types of tactical strikes that occurred between July and August 2014. Eyewitness accounts from
individuals within the impacted units reported seeing an unmanned aerial vehicle (UAV) used in the area prior to one
attack, underscoring the need for precise locational data for these particular strikes and introducing the possibility
that the Android malware served to support the reconnaissance role of traditional battlefield assets. Although
traditional overhead intelligence surveillance and reconnaissance (ISR) assets were likely still needed to finalize
tactical movements, the ability of this application to retrieve communications and gross locational data from infected
devices could provide insight for further planning, coordination, and tasking of ISR, artillery assets, and fighting
forces.
[Figure: Languages Spoken by Region. Distribution of Russian/Ukrainian Language Use in Ukraine.[8] Regions: West, Center, South, East, Donbass. Categories: Ukrainian, Russian, Ukrainian and Russian equally, other, unclear. The per-category percentages are not recoverable from the extracted text.]
The X-Agent Android variant does not exhibit a destructive function and does
not interfere with the function of the original Попр-Д30.apk application.
Therefore, CrowdStrike Intelligence has assessed that the likely role of
this malware is strategic in nature. The capability of the malware includes
gaining access to contacts, Short Message Service (SMS) text messages,
call logs, and internet data, and FANCY BEAR would likely leverage this
information for its intelligence and planning value.
CrowdStrike Intelligence assesses a tool such as this has the potential
ability to map out a unit’s composition and hierarchy, determine their plans,
and even triangulate their approximate location. This type of strategic
analysis can enable the identification of zones in which troops are operating
and help prioritize assets within those zones for future targeting.
Additionally, a study provided by the International Institute of Strategic
Studies determined that the weapons platform bearing the highest losses
between 2013 and 2016 was the D-30 towed howitzer.[11] It is possible that
the deployment of this malware-infected application may have contributed
to the high-loss nature of this platform.
The development of the X-Agent Android malware represents an expansion
of FANCY BEAR capabilities in terms of mobile malware, and illustrates
the practical application of full-spectrum combat as envisioned in the
eponymous doctrinal writings of General Valery GERASIMOV. As a part
of full-spectrum operations in Ukraine, Russia-based adversaries have
leveraged malware on the battlefield, in the civil sector, and against
critical infrastructure. They have also engaged in aggressive information
operations in the media. In relation to this broader picture of Russian
computer operations, the approach to targeting mobile smartphone and
tablet devices in order to gain strategic insight into communications is a
tactic that cannot be disregarded.
CrowdStrike assesses that the observed and described X-Agent implant
targeting Ukrainian military Android devices running the Попр-Д30.apk
application is likely only the initial iteration of this type of malware. While
this malware was initially discovered in a battlefield environment, an
adversary could also leverage it in attacks against non-military targets.
Mobile devices and internet-connected technology have increasingly
proliferated across civilian and military organizations. This technique may very
likely be deployed in the political, government, or non-governmental
sectors in the near future.
1-The name Попр-Д30.apk is an abbreviated variant of Поправки-Д30,
which translates to Correction-D30.
2-For more information, contact CrowdStrike.
3-vKontakte is a Russian social media networking site similar in layout
and functionality to Facebook.
4-http://programs-art.at.ua
5-For more information, contact CrowdStrike.
6-Igor Sutyagin, “Russian Forces in Ukraine,” Royal United Services
Institute, March 2015, https://rusi.org/sites/default/files/201503_bp_russian_forces_in_ukraine.pdf
7-https://www.youtube.com/watch?v=qp-7e_ZGH8I
8-Data for image circa 2015. Note: These maps do not provide data for
Crimea. According to various sources, there are estimates suggesting
that, in greater Crimea, 80% speak Russian, 10% speak Ukrainian, and 10%
speak Tatar. The percentage of Russian speakers is estimated to be higher
in Sevastopol, most likely due to the Russian Naval Base in the region.
Source: The Razumkov Center report on “The Ukrainian Citizen's Identity in
the New Environment: Status, Trends, Regional Differences,” 7 June 2016,
razumkov.org.ua/upload/identi-2016.pdf.
9-http://thesaker.is/ukrainian-army-losses-in-ato-anti-terrorist-operation-according-to-the-iisss-military-balance/
10-For more information, see “Origin of Artillery Attacks on Ukrainian
Military Positions in Eastern Ukraine between 14 July 2014 and 8 August
2014,” https://www.bellingcat.com/news/uk-and-europe/2015/02/17/origin-of-artillery-attacks/.
Лист до першого віцепрем’єр-міністра, міністра економіки Олексія Любченка від...Лист до першого віцепрем’єр-міністра, міністра економіки Олексія Любченка від...
Лист до першого віцепрем’єр-міністра, міністра економіки Олексія Любченка від...
 
Звернення Верховної Ради щодо посилення міжнародного співробітництва в рамках...
Звернення Верховної Ради щодо посилення міжнародного співробітництва в рамках...Звернення Верховної Ради щодо посилення міжнародного співробітництва в рамках...
Звернення Верховної Ради щодо посилення міжнародного співробітництва в рамках...
 
Постанова Верховної Ради щодо Криму
Постанова Верховної Ради щодо КримуПостанова Верховної Ради щодо Криму
Постанова Верховної Ради щодо Криму
 
Заява 1+1 про кримінальне правопорушення
Заява 1+1 про кримінальне правопорушенняЗаява 1+1 про кримінальне правопорушення
Заява 1+1 про кримінальне правопорушення
 
Литва оголосила Анатолія Шарія персоною нон ґрата
Литва оголосила Анатолія Шарія персоною нон ґратаЛитва оголосила Анатолія Шарія персоною нон ґрата
Литва оголосила Анатолія Шарія персоною нон ґрата
 
Повний список обмежень
Повний список обмеженьПовний список обмежень
Повний список обмежень
 
Голосування за "харківські угоди" 2010 року
Голосування за "харківські угоди" 2010 рокуГолосування за "харківські угоди" 2010 року
Голосування за "харківські угоди" 2010 року
 
Звернення партії "За майбутнє" до Володимира Зеленського
Звернення партії "За майбутнє" до Володимира ЗеленськогоЗвернення партії "За майбутнє" до Володимира Зеленського
Звернення партії "За майбутнє" до Володимира Зеленського
 
Звернення партії "За майбутнє" до Шмигаля
Звернення партії "За майбутнє" до ШмигаляЗвернення партії "За майбутнє" до Шмигаля
Звернення партії "За майбутнє" до Шмигаля
 
Указ президента України №64/2021
Указ президента України №64/2021Указ президента України №64/2021
Указ президента України №64/2021
 
Додаток №2 до рішення РНБО про запровадження санкцій проти Віктора Медведчука...
Додаток №2 до рішення РНБО про запровадження санкцій проти Віктора Медведчука...Додаток №2 до рішення РНБО про запровадження санкцій проти Віктора Медведчука...
Додаток №2 до рішення РНБО про запровадження санкцій проти Віктора Медведчука...
 
Додаток №1 до рішення РНБО про запровадження санкцій проти Віктора Медведчука...
Додаток №1 до рішення РНБО про запровадження санкцій проти Віктора Медведчука...Додаток №1 до рішення РНБО про запровадження санкцій проти Віктора Медведчука...
Додаток №1 до рішення РНБО про запровадження санкцій проти Віктора Медведчука...
 

Recently uploaded

How Europe Underdeveloped Africa_walter.pdf
How Europe Underdeveloped Africa_walter.pdfHow Europe Underdeveloped Africa_walter.pdf
How Europe Underdeveloped Africa_walter.pdfLorenzo Lemes
 
Manipur-Book-Final-2-compressed.pdfsal'rpk
Manipur-Book-Final-2-compressed.pdfsal'rpkManipur-Book-Final-2-compressed.pdfsal'rpk
Manipur-Book-Final-2-compressed.pdfsal'rpkbhavenpr
 
26042024_First India Newspaper Jaipur.pdf
26042024_First India Newspaper Jaipur.pdf26042024_First India Newspaper Jaipur.pdf
26042024_First India Newspaper Jaipur.pdfFIRST INDIA
 
Roberts Rules Cheat Sheet for LD4 Precinct Commiteemen
Roberts Rules Cheat Sheet for LD4 Precinct CommiteemenRoberts Rules Cheat Sheet for LD4 Precinct Commiteemen
Roberts Rules Cheat Sheet for LD4 Precinct Commiteemenkfjstone13
 
HARNESSING AI FOR ENHANCED MEDIA ANALYSIS A CASE STUDY ON CHATGPT AT DRONE EM...
HARNESSING AI FOR ENHANCED MEDIA ANALYSIS A CASE STUDY ON CHATGPT AT DRONE EM...HARNESSING AI FOR ENHANCED MEDIA ANALYSIS A CASE STUDY ON CHATGPT AT DRONE EM...
HARNESSING AI FOR ENHANCED MEDIA ANALYSIS A CASE STUDY ON CHATGPT AT DRONE EM...Ismail Fahmi
 
Israel Palestine Conflict, The issue and historical context!
Israel Palestine Conflict, The issue and historical context!Israel Palestine Conflict, The issue and historical context!
Israel Palestine Conflict, The issue and historical context!Krish109503
 
如何办理(BU学位证书)美国贝翰文大学毕业证学位证书
如何办理(BU学位证书)美国贝翰文大学毕业证学位证书如何办理(BU学位证书)美国贝翰文大学毕业证学位证书
如何办理(BU学位证书)美国贝翰文大学毕业证学位证书Fi L
 
Call Girls in Mira Road Mumbai ( Neha 09892124323 ) College Escorts Service i...
Call Girls in Mira Road Mumbai ( Neha 09892124323 ) College Escorts Service i...Call Girls in Mira Road Mumbai ( Neha 09892124323 ) College Escorts Service i...
Call Girls in Mira Road Mumbai ( Neha 09892124323 ) College Escorts Service i...Pooja Nehwal
 
Brief biography of Julius Robert Oppenheimer
Brief biography of Julius Robert OppenheimerBrief biography of Julius Robert Oppenheimer
Brief biography of Julius Robert OppenheimerOmarCabrera39
 
Lorenzo D'Emidio_Lavoro sullaNorth Korea .pptx
Lorenzo D'Emidio_Lavoro sullaNorth Korea .pptxLorenzo D'Emidio_Lavoro sullaNorth Korea .pptx
Lorenzo D'Emidio_Lavoro sullaNorth Korea .pptxlorenzodemidio01
 
Dynamics of Destructive Polarisation in Mainstream and Social Media: The Case...
Dynamics of Destructive Polarisation in Mainstream and Social Media: The Case...Dynamics of Destructive Polarisation in Mainstream and Social Media: The Case...
Dynamics of Destructive Polarisation in Mainstream and Social Media: The Case...Axel Bruns
 
2024 04 03 AZ GOP LD4 Gen Meeting Minutes FINAL.docx
2024 04 03 AZ GOP LD4 Gen Meeting Minutes FINAL.docx2024 04 03 AZ GOP LD4 Gen Meeting Minutes FINAL.docx
2024 04 03 AZ GOP LD4 Gen Meeting Minutes FINAL.docxkfjstone13
 
Different Frontiers of Social Media War in Indonesia Elections 2024
Different Frontiers of Social Media War in Indonesia Elections 2024Different Frontiers of Social Media War in Indonesia Elections 2024
Different Frontiers of Social Media War in Indonesia Elections 2024Ismail Fahmi
 
AP Election Survey 2024: TDP-Janasena-BJP Alliance Set To Sweep Victory
AP Election Survey 2024: TDP-Janasena-BJP Alliance Set To Sweep VictoryAP Election Survey 2024: TDP-Janasena-BJP Alliance Set To Sweep Victory
AP Election Survey 2024: TDP-Janasena-BJP Alliance Set To Sweep Victoryanjanibaddipudi1
 
25042024_First India Newspaper Jaipur.pdf
25042024_First India Newspaper Jaipur.pdf25042024_First India Newspaper Jaipur.pdf
25042024_First India Newspaper Jaipur.pdfFIRST INDIA
 
23042024_First India Newspaper Jaipur.pdf
23042024_First India Newspaper Jaipur.pdf23042024_First India Newspaper Jaipur.pdf
23042024_First India Newspaper Jaipur.pdfFIRST INDIA
 
Referendum Party 2024 Election Manifesto
Referendum Party 2024 Election ManifestoReferendum Party 2024 Election Manifesto
Referendum Party 2024 Election ManifestoSABC News
 
KAHULUGAN AT KAHALAGAHAN NG GAWAING PANSIBIKO.pptx
KAHULUGAN AT KAHALAGAHAN NG GAWAING PANSIBIKO.pptxKAHULUGAN AT KAHALAGAHAN NG GAWAING PANSIBIKO.pptx
KAHULUGAN AT KAHALAGAHAN NG GAWAING PANSIBIKO.pptxjohnandrewcarlos
 
Minto-Morley Reforms 1909 (constitution).pptx
Minto-Morley Reforms 1909 (constitution).pptxMinto-Morley Reforms 1909 (constitution).pptx
Minto-Morley Reforms 1909 (constitution).pptxAwaiskhalid96
 
Nurturing Families, Empowering Lives: TDP's Vision for Family Welfare in Andh...
Nurturing Families, Empowering Lives: TDP's Vision for Family Welfare in Andh...Nurturing Families, Empowering Lives: TDP's Vision for Family Welfare in Andh...
Nurturing Families, Empowering Lives: TDP's Vision for Family Welfare in Andh...narsireddynannuri1
 

Recently uploaded (20)

How Europe Underdeveloped Africa_walter.pdf
How Europe Underdeveloped Africa_walter.pdfHow Europe Underdeveloped Africa_walter.pdf
How Europe Underdeveloped Africa_walter.pdf
 
Manipur-Book-Final-2-compressed.pdfsal'rpk
Manipur-Book-Final-2-compressed.pdfsal'rpkManipur-Book-Final-2-compressed.pdfsal'rpk
Manipur-Book-Final-2-compressed.pdfsal'rpk
 
26042024_First India Newspaper Jaipur.pdf
26042024_First India Newspaper Jaipur.pdf26042024_First India Newspaper Jaipur.pdf
26042024_First India Newspaper Jaipur.pdf
 
Roberts Rules Cheat Sheet for LD4 Precinct Commiteemen
Roberts Rules Cheat Sheet for LD4 Precinct CommiteemenRoberts Rules Cheat Sheet for LD4 Precinct Commiteemen
Roberts Rules Cheat Sheet for LD4 Precinct Commiteemen
 
HARNESSING AI FOR ENHANCED MEDIA ANALYSIS A CASE STUDY ON CHATGPT AT DRONE EM...
HARNESSING AI FOR ENHANCED MEDIA ANALYSIS A CASE STUDY ON CHATGPT AT DRONE EM...HARNESSING AI FOR ENHANCED MEDIA ANALYSIS A CASE STUDY ON CHATGPT AT DRONE EM...
HARNESSING AI FOR ENHANCED MEDIA ANALYSIS A CASE STUDY ON CHATGPT AT DRONE EM...
 
Israel Palestine Conflict, The issue and historical context!
Israel Palestine Conflict, The issue and historical context!Israel Palestine Conflict, The issue and historical context!
Israel Palestine Conflict, The issue and historical context!
 
如何办理(BU学位证书)美国贝翰文大学毕业证学位证书
如何办理(BU学位证书)美国贝翰文大学毕业证学位证书如何办理(BU学位证书)美国贝翰文大学毕业证学位证书
如何办理(BU学位证书)美国贝翰文大学毕业证学位证书
 
Call Girls in Mira Road Mumbai ( Neha 09892124323 ) College Escorts Service i...
Call Girls in Mira Road Mumbai ( Neha 09892124323 ) College Escorts Service i...Call Girls in Mira Road Mumbai ( Neha 09892124323 ) College Escorts Service i...
Call Girls in Mira Road Mumbai ( Neha 09892124323 ) College Escorts Service i...
 
Brief biography of Julius Robert Oppenheimer
Brief biography of Julius Robert OppenheimerBrief biography of Julius Robert Oppenheimer
Brief biography of Julius Robert Oppenheimer
 
Lorenzo D'Emidio_Lavoro sullaNorth Korea .pptx
Lorenzo D'Emidio_Lavoro sullaNorth Korea .pptxLorenzo D'Emidio_Lavoro sullaNorth Korea .pptx
Lorenzo D'Emidio_Lavoro sullaNorth Korea .pptx
 
Dynamics of Destructive Polarisation in Mainstream and Social Media: The Case...
Dynamics of Destructive Polarisation in Mainstream and Social Media: The Case...Dynamics of Destructive Polarisation in Mainstream and Social Media: The Case...
Dynamics of Destructive Polarisation in Mainstream and Social Media: The Case...
 
2024 04 03 AZ GOP LD4 Gen Meeting Minutes FINAL.docx
2024 04 03 AZ GOP LD4 Gen Meeting Minutes FINAL.docx2024 04 03 AZ GOP LD4 Gen Meeting Minutes FINAL.docx
2024 04 03 AZ GOP LD4 Gen Meeting Minutes FINAL.docx
 
Different Frontiers of Social Media War in Indonesia Elections 2024
Different Frontiers of Social Media War in Indonesia Elections 2024Different Frontiers of Social Media War in Indonesia Elections 2024
Different Frontiers of Social Media War in Indonesia Elections 2024
 
AP Election Survey 2024: TDP-Janasena-BJP Alliance Set To Sweep Victory
AP Election Survey 2024: TDP-Janasena-BJP Alliance Set To Sweep VictoryAP Election Survey 2024: TDP-Janasena-BJP Alliance Set To Sweep Victory
AP Election Survey 2024: TDP-Janasena-BJP Alliance Set To Sweep Victory
 
25042024_First India Newspaper Jaipur.pdf
25042024_First India Newspaper Jaipur.pdf25042024_First India Newspaper Jaipur.pdf
25042024_First India Newspaper Jaipur.pdf
 
23042024_First India Newspaper Jaipur.pdf
23042024_First India Newspaper Jaipur.pdf23042024_First India Newspaper Jaipur.pdf
23042024_First India Newspaper Jaipur.pdf
 
Referendum Party 2024 Election Manifesto
Referendum Party 2024 Election ManifestoReferendum Party 2024 Election Manifesto
Referendum Party 2024 Election Manifesto
 
KAHULUGAN AT KAHALAGAHAN NG GAWAING PANSIBIKO.pptx
KAHULUGAN AT KAHALAGAHAN NG GAWAING PANSIBIKO.pptxKAHULUGAN AT KAHALAGAHAN NG GAWAING PANSIBIKO.pptx
KAHULUGAN AT KAHALAGAHAN NG GAWAING PANSIBIKO.pptx
 
Minto-Morley Reforms 1909 (constitution).pptx
Minto-Morley Reforms 1909 (constitution).pptxMinto-Morley Reforms 1909 (constitution).pptx
Minto-Morley Reforms 1909 (constitution).pptx
 
Nurturing Families, Empowering Lives: TDP's Vision for Family Welfare in Andh...
Nurturing Families, Empowering Lives: TDP's Vision for Family Welfare in Andh...Nurturing Families, Empowering Lives: TDP's Vision for Family Welfare in Andh...
Nurturing Families, Empowering Lives: TDP's Vision for Family Welfare in Andh...
 

Russian hackers tracked Ukrainian Armed Forces artillery via Android

  • 1. CROWDSTRIKE GLOBAL INTELLIGENCE TEAM web: WWW.CROWDSTRIKE.COM | twitter: @CROWDSTRIKE Copyright 2016 USE OF FANCY BEAR ANDROID MALWARE IN TRACKING OF UKRAINIAN FIELD ARTILLERY UNITS PUBLISHED DECEMBER 22
  • 2. KEY POINTS
    • From late 2014 and through 2016, FANCY BEAR X-Agent implant was covertly distributed on Ukrainian military forums within a legitimate Android application developed by Ukrainian artillery officer Yaroslav Sherstuk.
    • The original application enabled artillery forces to more rapidly process targeting data for the Soviet-era D-30 Howitzer employed by Ukrainian artillery forces reducing targeting time from minutes to under 15 seconds. According to Sherstuk’s interviews with the press, over 9000 artillery personnel have been using the application in Ukrainian military.
    • Successful deployment of the FANCY BEAR malware within this application may have facilitated reconnaissance against Ukrainian troops. The ability of this malware to retrieve communications and gross locational data from an infected device makes it an attractive way to identify the general location of Ukrainian artillery forces and engage them.
    • Open source reporting indicates that Ukrainian artillery forces have lost over 50% of their weapons in the 2 years of conflict and over 80% of D-30 howitzers, the highest percentage of loss of any other artillery pieces in Ukraine's arsenal.
    • This previously unseen variant of X-Agent represents FANCY BEAR’s expansion in mobile malware development from iOS-capable implants to Android devices, and reveals one more component of the broad spectrum approach to cyber operations taken by Russia-based actors in the war in Ukraine.
    • The collection of such tactical artillery force positioning intelligence by FANCY BEAR further supports CrowdStrike’s previous assessments that FANCY BEAR is likely affiliated with the Russian military intelligence (GRU), and works closely with Russian military forces operating in Eastern Ukraine and its border regions in Russia.
“ OPEN-SOURCE REPORTING INDICATES LOSSES OF ALMOST 50% OF EQUIPMENT IN THE LAST 2 YEARS OF CONFLICT AMONGST UKRAINIAN ARTILLERY FORCES AND OVER 80% OF D-30 HOWITZERS WERE LOST, FAR MORE THAN ANY OTHER PIECE OF UKRAINIAN ARTILLERY.[9] ”
  • 3. BACKGROUND
In late June and August 2016, CrowdStrike Intelligence provided initial reporting and technical analysis of a variant of the FANCY BEAR implant X-Agent that targeted the Android mobile platform.[2] CrowdStrike identified this X-Agent variant within a legitimate Android application named Попр-Д30.apk. This app was developed and used by artillery troops to simplify targeting data for the D-30 towed howitzer. CrowdStrike investigation reveals that this app has been utilized in a possible training or operational role in at least one unit of the Ukrainian military. Therefore, the implant likely targeted military artillery units operating against pro-Russian separatists in Eastern Ukraine. This implant represents further advancements in FANCY BEAR’s development of mobile malware for targeted intrusions and extends Russian cyber capabilities to the front lines of the battlefield. This Tipper builds on CrowdStrike’s previous reporting by providing a timeline of events, contextual discussion regarding the potential drivers for development and deployment of the malware, and a description of the analytical process resulting in targeting assessments. Finally, this Tipper leverages these assessments, in conjunction with more recently observed activity by Russia-based adversaries, to determine the potential for any future activity in the mobile malware threat space.
“ CROWDSTRIKE IDENTIFIED THIS X-AGENT VARIANT WITHIN A LEGITIMATE ANDROID APPLICATION NAMED ПОПР-Д30.APK. THIS APP WAS DEVELOPED AND USED BY ARTILLERY TROOPS TO SIMPLIFY TARGETING DATA FOR THE D-30 TOWED HOWITZER ”
  • 4. [Figure: timeline of events, 2013–2014, January to December of each year. Bands: "Likely Russia-based reconnaissance of Ukrainian government and/or military targets"; "Armed conflict in Ukraine"; "Malicious app distribution"; "Possible development time frame: malicious X-Agent implant inject for Попр-Д30, late April 2013 - early December 2014". Marker: "Попр-Д30 developed 20 Feb - 13 Apr". Legend: events associated with the Android app; international events or diplomacy efforts; Ukrainian domestic affairs; targeted intrusion, DDoS or disinformation; Russian / Ukrainian confrontation.]
  • 5. [Figure: timeline of events, 2015–2016, January to December of each year. Bands: "Likely Russia-based reconnaissance of Ukrainian government and/or military targets"; "Armed conflict in Ukraine"; "Malicious app development, deployment, and usage time frame: late April 2013 - and beyond". Legend: events associated with the Android app; international events or diplomacy efforts; Ukrainian domestic affairs; targeted intrusion, DDoS or disinformation; Russian / Ukrainian confrontation.]
  • 6. “ THE ORIGINAL, BENIGN APPLICATION ENABLED ARTILLERY FORCES TO MORE RAPIDLY PROCESS TARGETING DATA FOR THE D-30 HOWITZER REDUCING TARGETING TIME FROM MINUTES DOWN TO 15 SECONDS. ”
TIMELINE OF EVENTS
DEVELOPMENT AND DISTRIBUTION PROCESS OF THE BENIGN APPLICATION
The original application central to this discussion, Попр-Д30.apk, was initially developed domestically within Ukraine by a member of the 55th Artillery Brigade. Based on the file creation timestamps as well as the app signing process, which occurred on 28 March 2013, CrowdStrike has determined that the app was developed sometime between 20 February and 13 April 2013. Shortly after that time frame, on 28 April 2013, an individual bearing the same name as the application’s developer promoted the application on Russian vKontakte[3] pages associated with the artillery forces. The promotion of the program was likely limited to social media, and the distribution was controlled from the author’s main page, «Програмное обеспечение современного боя» (translation: Modern combat software).[4] As an additional control measure, the program was only activated for use after the developer was contacted and issued a code to the individual downloading the application. No evidence of the application has been observed on the Android app store, making it unlikely that the app was distributed via that platform. The control measures established by the developer to limit the use and proliferation of the Попр-Д30.apk application, coupled with its unique purpose, make its broad distribution on the Android store improbable. At the time of this writing, it is unclear to what degree and for how long this specific application was utilized by the entirety of the Ukrainian Artillery Forces. Based on open source reporting, social media posts, and video evidence, CrowdStrike assesses that Попр-Д30.apk was potentially used through 2016 by at least one artillery unit operating in eastern Ukraine.
RECONNAISSANCE, DEVELOPMENT AND DISTRIBUTION OF THE MALICIOUS APPLICATION
RECONNAISSANCE
Given the estimated development timeframe and the promotional period for the benign Попр-Д30.apk application, the program was likely available online for distribution after late April 2013. CrowdStrike Intelligence assesses that the application likely came to the attention of Russia-based adversaries around this time frame as a result of ongoing Russian
  • 7. reconnaissance associated with the revolution in Ukraine. Actors with a nexus to Russia regularly monitor social media sites in order to better understand or formulate operations against their targets. CrowdStrike Intelligence has noted instances in which some Russia-based actors and attribution front groups have leveraged information obtained from Ukrainian social media sites in order to perform operations. The most notable recent example of this was in the case of extortion-based threats directed against the Polish Government.[5] In this particular case, the perpetrators likely sought out openly available account information from a vKontakte page belonging to a Ukrainian citizen, who was soliciting donations to aid volunteer soldiers fighting in eastern Ukraine. The adversary then used this profile information, in conjunction with the name Pravyy Sector, to make it appear as though the extortion threats against the Polish government were originating from an ultranationalist Ukrainian group. CrowdStrike has assessed that by performing this type of deceptive operation the perpetrator likely sought to make it appear as though Ukrainian interests were threatening the Polish government. In addition, because the individual account hijacked for this operation had been used to try to raise funds for Ukrainian forces, the adversary may have been trying to aggravate Western governments enough to freeze the individual’s accounts. The attack did not appear to achieve its intended result. Poland rebuffed the threats, and the owner of the vKontakte page denounced any involvement in the threat. Subsequently the Pravyy Sector group scrubbed their social media page of much of the information associated with this failed operation. This particular incident is an example of how a disinformation operation is staged.
While this incident is not likely to be related to the development of the X-Agent Android variant, it demonstrates the reconnaissance and pre-planning tactics that precede the rest of a campaign.
Development and Distribution
CrowdStrike has discovered indications that as early as 2015 FANCY BEAR likely developed X-Agent applications for the iOS environment, targeting jailbroken Apple mobile devices. The use of the X-Agent implant in the original Попр-Д30.apk application appears to be the first observed case of FANCY BEAR malware developed for the Android mobile platform. On 21 December 2014 the malicious variant of the Android application was first observed in limited public distribution on a Russian language, Ukrainian military forum. A late 2014 public release would place the development timeframe for this implant sometime between late-April 2013 and early December 2014.
“ FOR UKRAINIAN TROOPS, ARTILLERY FORCES HAVE ALSO SHOULDERED A HEAVY COST. IN 2 YEARS OF CONFLICT, THEY HAVE LOST NEARLY 50% OF THEIR ARTILLERY PIECES AND OVER 80% OF D-30 HOWITZERS, FAR MORE THAN ANY OTHER PIECE OF UKRAINIAN ARTILLERY. ”
  • 8. During that proposed development timeframe, a number of significant events unfolded between Ukraine, Russia, and the international community. Most notably, Russian attempts to influence Ukrainian-EU relations resulted in the large-scale, Maidan protest movement, eventually resulting in the ouster of then-president Victor YANUKOVYCH, the invasion and annexation of the Crimean Peninsula by Russia, and the protracted armed conflict in eastern Ukraine. Therefore, the creation of an application that targets some of the front line forces pivotal in Ukrainian defense on the eastern front would likely be a high priority for Russian adversary malware developers seeking to turn the tide of the conflict in their favor. CrowdStrike Intelligence has assessed that the distribution of the malicious application targeted the very artillery units for which the benign application was developed—brigades operating in eastern Ukraine on the frontlines of the conflict with Russian-backed separatist forces during the early stages of the conflict in late-2014. This assessment is based on a number of factors, but chief among them is the likelihood that a military member would only trust and use an application designed to calculate something as critical as targeting data if it was developed and promoted by a member of their own forces. The type of operational activity described here suggests an extremely sophisticated understanding of the target that only a skilled adversary would likely possess. By late December 2014, the total number of Russian forces in the region was approximately 10,000 troops.[6] Because the Android malware could facilitate gross position information, its successful deployment could have facilitated anticipatory awareness of Ukrainian artillery force troop movement, thus providing Russian forces with useful strategic planning information.
Indeed, the 55th Artillery Brigade and similar artillery units operated frequently against pro-Russian separatists in eastern Ukraine. A video posted on 18 October 2015[7] specifically shows them employing the Попр-Д30.apk application and operating in the vicinity of eastern Ukraine. The choice of the Russian language character set in the application further underscores the targeting of forces within eastern Ukraine, as Russian is the predominant language utilized in that region. An assessment of languages spoken by region based on the most recent census information illustrates the permeation of the Russian language in that region and highlights the value of providing Russian in the malicious Попр-Д30.apk application. One alternative theory regarding the use of the Russian language in the application could be that targeting may have been directed at pro-Russian “ CROWDSTRIKE INTELLIGENCE HAS ASSESSED THAT THE DISTRIBUTION OF THE MALICIOUS APPLICATION TARGETED THE VERY ARTILLERY UNITS FOR WHICH THE BENIGN APPLICATION WAS DEVELOPED—BRIGADES OPERATING IN EASTERN UKRAINE ON THE FRONTLINES OF THE CONFLICT WITH RUSSIAN-BACKED SEPARATIST FORCES DURING THE EARLY STAGES OF THE CONFLICT IN LATE-2014. ”
  • 9. forces operating in eastern Ukraine. A relevant and likely counterargument for this theory, however, is that Russian forces likely have employed fire support systems and other technologies that can already calculate targeting data, negating the need for an application to perform this task. Additionally, the application was initially developed by a member of the Ukrainian army. An opposing force would probably not adopt technology developed by the enemy for use on the battlefield.
OUTCOMES AND CONCLUSION
The eastern Ukrainian front has been markedly impacted by heavy fighting involving Russian troops and pro-Russian rebel fighters deployed to this region. Artillery forces on both sides of the conflict have served an important role. For Ukrainian troops, artillery forces have also shouldered a heavy cost. Open-source reporting indicates losses of almost 50% of equipment in the last 2 years of conflict amongst Ukrainian artillery forces and over 80% of D-30 howitzers were lost, far more than any other piece of Ukrainian artillery.[9] Between July and August 2014, Russian-backed forces launched some of the most decisive attacks against Ukrainian forces, resulting in significant loss of life, weaponry, and territory. According to open sources, Ukrainian service personnel from the 24th and 72nd Mechanized Brigade, as well as the 79th Airborne Brigade, were among the units to have suffered casualties. International monitoring groups later assessed some of the attacks were likely to have come from inside Russian territory.[10] A malware-infected Попр-Д30.apk application probably could not have provided all the necessary data required to directly facilitate the types of tactical strikes that occurred between July and August 2014.
Eyewitness accounts from individuals within the impacted units reported seeing an unmanned aerial vehicle (UAV) used in the area prior to one attack, underscoring the need for precise locational data for these particular strikes and introducing the possibility
[Figure: Languages spoken by region (West, Center, South, East, Donbass), with shares for Ukrainian, Russian, equally, other and unclear. Caption: Distribution of Russian/Ukrainian Language Use in Ukraine.[8]]
  • 10. “ CROWDSTRIKE INTELLIGENCE ASSESSES A TOOL SUCH AS THIS HAS THE POTENTIAL ABILITY TO MAP OUT A UNIT’S COMPOSITION AND HIERARCHY, DETERMINE THEIR PLANS, AND EVEN TRIANGULATE THEIR APPROXIMATE LOCATION ” that the Android malware served to support the reconnaissance role of traditional battlefield assets. Although traditional overhead intelligence surveillance and reconnaissance (ISR) assets were likely still needed to finalize tactical movements, the ability of this application to retrieve communications and gross locational data from infected devices could provide insight for further planning, coordination, and tasking of ISR, artillery assets, and fighting forces. The X-Agent Android variant does not exhibit a destructive function and does not interfere with the function of the original Попр-Д30.apk application. Therefore, CrowdStrike Intelligence has assessed that the likely role of this malware is strategic in nature. The capability of the malware includes gaining access to contacts, Short Message Service (SMS) text messages, call logs, and internet data, and FANCY BEAR would likely leverage this information for its intelligence and planning value. CrowdStrike Intelligence assesses a tool such as this has the potential ability to map out a unit’s composition and hierarchy, determine their plans, and even triangulate their approximate location. This type of strategic analysis can enable the identification of zones in which troops are operating and help prioritize assets within those zones for future targeting. Additionally, a study provided by the International Institute of Strategic Studies determined that the weapons platform bearing the highest losses between 2013 and 2016 was the D-30 towed howitzer.[11] It is possible that the deployment of this malware-infected application may have contributed to the high-loss nature of this platform.
The development of the X-Agent Android malware represents an expansion of FANCY BEAR capabilities in terms of mobile malware, and illustrates the practical application of full-spectrum combat as envisioned in the eponymous doctrinal writings of General Valery GERASIMOV. As a part of full-spectrum operations in Ukraine, Russia-based adversaries have leveraged malware on the battlefield, in the civil sector, and against critical infrastructure. They have also engaged in aggressive information operations in the media. In relation to this broader picture of Russian computer operations, the approach to targeting mobile smartphone and tablet devices in order to gain strategic insight into communications is a tactic that cannot be disregarded. CrowdStrike assesses that the observed and described X-Agent implant targeting Ukrainian military Android devices running the Попр-Д30.apk application is likely only the initial iteration of this type of malware. While this malware was initially discovered in a battlefield environment, an adversary could also leverage it in attacks against non-military targets. Mobile devices and internet-connected technology have increasingly proliferated across civilian and military organizations. This technique may very likely be deployed in the political, government, or non-governmental sectors in the near future.
1-The name Попр-Д30.apk is an abbreviated variant of Поправки-Д30, which translates to Correction-D30.
2-For more information, contact CrowdStrike.
3-vKontakte is a Russian social media networking site similar in layout and functionality to Facebook.
4-http://programs-art.at.ua
5-For more information, contact CrowdStrike.
6-Igor Sutyagin, “Russian Forces in Ukraine,” Royal United Services Institute, March 2015, https://rusi.org/sites/default/files/201503_bp_russian_forces_in_ukraine.pdf
7-https://www.youtube.com/watch?v=qp-7e_ZGH8I
8-Data for image circa 2015. Note: These maps do not provide data for Crimea. According to various sources, there are estimates suggesting that, in greater Crimea, 80% speak Russian, 10% speak Ukrainian, and 10% speak Tatar. The percentage of Russian speakers is estimated to be higher in Sevastopol, most likely due to the Russian Naval Base in the region. Source: The Razumkov Center report on “The Ukrainian Citizen's Identity in the New Environment: Status, Trends, Regional Differences,” 7 June 2016, razumkov.org.ua/upload/identi-2016.pdf.
9-http://thesaker.is/ukrainian-army-losses-in-ato-anti-terrorist-operation-according-to-the-iisss-military-balance/
10-For more information, see “Origin of Artillery Attacks on Ukrainian Military Positions in Eastern Ukraine between 14 July 2014 and 8 August 2014,” https://www.bellingcat.com/news/uk-and-europe/2015/02/17/origin-of-artillery-attacks/.