Questions raised over Ukraine artillery hacking


A cybersecurity expert has questioned claims that Russian intelligence hacked Ukrainian artillery units with malware to track their location.

Security firm Crowdstrike issued a report last month, finding that malware had infected Ukrainian artillery units who used an application called POPR-D30. The artillery operators used the Android app to calculate firing corrections for the D30 howitzer.

Crowdstrike’s report found that an infected version of the app was floating around, adding that the infected version was sending the artillery units’ location to Russian intelligence. The report added that Russia may have used the malware to get a fix on Ukrainian artillery emplacements and destroy them.

Now, cybersecurity expert Jeffrey Carr has disputed the report, saying, for starters, that the malware was by no means exclusive to Russian hackers.

An expert questioned how Russian intelligence could’ve hacked Ukrainian artillery if the malware in question didn’t have the requisite capability

Carr also said that the infected APK was analysed, with no location-tracking functionality being found.

“The Android APK malware doesn’t use GPS nor does it ask for GPS location information from the infected phone or tablet. That’s a surprising design flaw for custom-made malware whose alleged objective was to collect and transmit location data on Ukrainian artillery to the GRU [Russian military intelligence – ed],” Carr explained in a Medium post.

The cyber-warfare consultant said that the malware collects base station information, but cautioned that it wasn’t accurate enough for plotting targets (the Ukrainian artillery).

“In rural areas, one base station could have a range of up to 30 kilometres,” the expert said.

Carr added that Crowdstrike’s figures for losses of the D30 howitzer came from a pro-Kremlin blogger situated in annexed Crimea.

Carr said that while users could download the original app online, they had to provide their military credentials to use it. The malware-laden version could be a different issue, right? Well, Carr doubts that it’s been used by Ukrainian troops at all.

“…Crowdstrike hasn’t provided any evidence that the malware-infected Android app was used by even a single Ukrainian soldier.”


