Now Ukraine’s artillery is affected by malware

We’ve already seen malware being used to disrupt power stations and other infrastructure. But a new form of malware has been affecting Ukraine’s artillery pieces.

According to security firm CrowdStrike, hackers crafted the X-Agent malware into an Android app used by Ukrainian artillery operators.

The legitimate version of the app allows operators of the D-30 howitzer to quickly process targeting data, reducing processing time from minutes to “under 15 seconds”. And it’s seen quite a lot of downloads, with roughly 9000 users, it’s been claimed.

The malware should be a big concern for militaries around the world

The security firm found that X-Agent was able to track the location of infected devices and thus track artillery. In other words, enemy forces could build a better picture of enemy emplacements.

“Open source reporting indicates that Ukrainian artillery forces have lost over 50% of their weapons in the two years of conflict and over 80% of D-30 howitzers, the highest percentage of loss of any other artillery pieces in Ukraine’s arsenal,” CrowdStrike added, suggesting that the high loss rate could be due to the malware.

The security company said that the malware was likely associated with Russian military intelligence, working in concert with Russian and pro-Russian forces in east Ukraine.

Correction: We incorrectly called the malware FANCY BEAR instead of X-Agent. FANCY BEAR refers to a hacker group, allegedly behind the malware.