Current:Home > BackInside Russia's attempts to hack Ukrainian military operations-DB Wealth Institute B2 Expert Reviews
Inside Russia's attempts to hack Ukrainian military operations
View Date:2024-12-23 22:45:10
KYIV, Ukraine — Ukrainian intelligence officials have revealed details to NPR about an attempt by Russian state hackers to penetrate Ukrainian military planning operations systems.
The hackers from Russian military intelligence captured Android tablet devices used by Ukrainian officers on the front lines in an attempt to spy, according to a report published by the Security Service of Ukraine's Cyber Security Situation Center.
"We saw that there were attempts to penetrate these systems," said Illia Vitiuk, the head of the Cybersecurity Department of Ukraine's Security Services, also known as the SBU. Vitiuk spoke to NPR in an exclusive interview in Kyiv on Wednesday.
"Our enemy is extremely focused on getting insight into these systems," he continued.
The Ukrainian military uses multiple tools for situational awareness to track Russian troop positions and gather other intelligence from the land, air and sea. Those include Delta, a military platform developed by the Defense Technology Innovation and Development Center within Ukraine's Ministry of Defense, and Kropvya, a defense mapping software made by Ukrainian NGO Army SOS. Developers working on these systems in Kyiv are becoming increasingly aware of Russia's focus on them, and are declining to openly discuss the platforms and how they work to limit exposure to Russian threats.
In this specific operation, the Russian hackers' goals included gathering intelligence from the devices and then tailoring malware to exploit the broader military operations network.
"They planned these operations for a long period of time, and there were some hacker groups that moved closer to the front lines" in order to steal Ukrainian tablets, said Vitiuk.
The SBU attributed the cyber operation to Russian military intelligence organization GRU, or more specifically the hacking group known as SandWorm. Hackers from SandWorm have been extremely active both during and before the full-scale invasion launched in February 2022, targeting the Ukrainian energy sector, the global economy, and others.
According to the State Security Service report, the agency detected the Russian operation in its early stages, preventing full access to the military operations system.
This is not the first time that Russia has attempted to compromise the Delta system. In December, Russian hackers broke into Ukrainian military email accounts to deliver convincing phishing emails to Delta users. Ukraine's Computer Emergency Response Team published details about the operation. And last summer, Russian officers created a fake version of the Delta website in order to trick legitimate users into providing their credentials.
Ukrainian cybersecurity experts have expressed concern about these breaches, arguing that the government has not been transparent enough about what was stolen.
However, according to Vitiuk, these military platforms are segmented so that each individual user doesn't have access to all its components. Therefore, he explained, by capturing individual Android devices or stealing login credentials, Russian officers would likely only be able to access information available to the user that was compromised. Additionally, the Delta platform does not directly track Ukrainian troop locations, he said.
However, the malware samples gathered from this most recent operation gave interesting clues about what Russian hackers were most interested in.
Some of the malware samples SBU cyber experts found on the devices were designed to gather information about connections to the satellite internet device Starlink developed by Elon Musk's company SpaceX. These devices have been important in Ukraine during the full-scale invasion, particularly when other communication networks are down.
"This was very interesting malware ... it gave them the possibility to get the configurations of Starlink, so in the end they could understand the location" of specific military units, explained Vitiuk. As a result, they can use that information when targeting attacks, he continued.
"But the thing is, we have thousands of Starlinks here in Ukraine, and there are alternatives ... you cannot hit it with a missile or artillery shell, every Starlink," Vitiuk said.
Starlinks are top priority targets for Russia. Therefore, while they may have gained some information about individual devices, perhaps "hundreds," in this operation, said Vitiuk, Russians likely combine that information with intelligence gathered from drones and human sources in order to target attacks.
Understanding what information may have been compromised allows Ukraine to relocate its troops and expose Russian tactics, Vitiuk told NPR.
Vitiuk explained that part of the goal in openly publishing information about the Russian operation is to expose their tactics to allow partners to defend against them.
"We understand that Russians, they first use everything here, but afterwards, they can use the same methods and the same malware somewhere else. ... That's why it was very important to publish this report, to show the evolution of Russian hackers, to show how focused they are on military situational awareness systems," said Vitiuk.
The Delta platform recently underwent a successful NATO review to determine its interoperability with Western systems like F-16 fighter jets. "This is a significant step because thanks to Delta, soldiers can view the battlefield in real-time, including the location of enemy forces," said Ukraine's Minister of Digital Transformation Mykhailo Fedorov.
"We do believe the systems we're using now will be used by other countries ... so it's very important to start protecting them from now," Vitiuk concluded.
Kateryna Malofieieva provided additional reporting for this story.
veryGood! (991)
Related
- Chicago Bears will ruin Caleb Williams if they're not careful | Opinion
- SEC Proposes Landmark Rule Requiring Companies to Tell Investors of Risks Posed by Climate Change
- Over $30M worth of Funkos are being dumped
- Tomato shortages hit British stores. Is Brexit to blame?
- Florida education officials report hundreds of books pulled from school libraries
- Emergency slide fell from United Airlines plane as it flew into Chicago O'Hare airport
- Global Warming Can Set The Stage for Deadly Tornadoes
- Elevate Your Wardrobe With the Top 11 Trending Amazon Styles Right Now
- Skiing legend Lindsey Vonn ends retirement, plans to return to competition
- Does Nature Have Rights? A Burgeoning Legal Movement Says Rivers, Forests and Wildlife Have Standing, Too
Ranking
- Ben Foster Files for Divorce From Laura Prepon After 6 Years of Marriage
- Girlfriend Collective's Massive Annual Sale Is Here: Shop Sporty Chic Summer Essentials for Up to 50% Off
- 25,000+ Amazon Shoppers Say This 15-Piece Knife Set Is “The Best”— Save 63% On It Ahead of Prime Day
- Wealthy Nations Continue to Finance Natural Gas for Developing Countries, Putting Climate Goals at Risk
- UFC 309: Jon Jones vs. Stipe Miocic fight card, odds, how to watch, date
- Fox Corp CEO praises Fox News leader as network faces $1.6 billion lawsuit
- How to prevent heat stroke and spot symptoms as U.S. bakes in extreme heat
- North Carolina’s New Farm Bill Speeds the Way for Smithfield’s Massive Biogas Plan for Hog Farms
Recommendation
-
Police identify 7-year-old child killed in North Carolina weekend shooting
-
Katy Perry Gives Update on Her Sobriety Pact With Orlando Bloom
-
Inside Clean Energy: Arizona’s Net-Zero Plan Unites Democrats and Republicans
-
General Motors is offering buyouts in an effort to cut $2 billion in costs
-
Tech consultant testifies that ‘bad joke’ led to deadly clash with Cash App founder Bob Lee
-
Boy, 10, suffers serious injuries after being thrown from Illinois carnival ride
-
Alyson Stoner Says They Were Fired from Children’s Show After Coming Out as Queer
-
How the cats of Dixfield, Maine came into a fortune — and almost lost it