Ukrainian intelligence officials have uncovered an elaborate cyber attack launched by Russian state hackers aimed at infiltrating Ukraine’s military planning operations systems. The hackers, identified as belonging to Russian military intelligence, specifically targeted Android tablet devices used by Ukrainian officers on the front lines, with the goal of gathering intelligence.

The attack, which aimed to spy on Ukrainian military activities, was revealed in a report published by Ukraine’s Security Service Cyber Security Situation Center. Ukrainian intelligence officer Illia Vitiuk expressed the seriousness of the situation, stating that “our enemy is extremely focused on getting insight into these systems.”

The Ukrainian military relies on various tools and platforms for situational awareness, including Delta, a military platform developed by Ukraine’s Ministry of Defense, and Kropyva, a defense mapping software created by NGO Army SOS. Developers of these systems are now cautious about discussing their platforms openly to limit exposure to Russian threats.

The Russian hackers’ objectives in this operation included collecting intelligence from the compromised devices and tailoring malware to exploit the broader military operations network. Vitiuk mentioned that these operations were well-planned and involved hacker groups moving closer to the front lines to steal Ukrainian tablets.

The cyber attack has been attributed to the Russian military intelligence organization GRU, specifically the hacking group known as Sandworm. Sandworm has been active before and during the ongoing invasion, targeting various sectors including the energy industry and the global economy.

Fortunately, Ukraine’s State Security Service detected the operation in its early stages, preventing full access to the military operations system. However, concerns have been raised by cybersecurity experts about potential breaches and the lack of transparency from the government regarding stolen information.

Vitiuk clarified that the military platforms are designed in a segmented manner, granting each user access only to specific components. Therefore, even if Russian officers capture individual Android devices or steal login credentials, they would only be able to access information available to the compromised user.

Malware samples collected from this operation provided interesting insights into the hackers’ motives. Some of the malware was specifically designed to gather information about connections to SpaceX’s Starlink satellite internet devices. With this data, the hackers could potentially determine the location of specific military units.

This latest cyber attack highlights the ongoing threat posed by Russian state hackers and the vulnerabilities present within military planning systems. It serves as a reminder of the critical importance of robust cybersecurity measures and constant vigilance in defending against such incursions.