The National Security Agency, Cybersecurity and Infrastructure Security Agency, the FBI and international partners have released a report on a mobile malware, dubbed Infamous Chisel, associated with a group of Russian military cyberthreat actors known as Sandworm.
Published Thursday, the report shows that Infamous Chisel exfiltrates information from Android devices used by the Ukrainian military through periodic scanning of files and provides network backdoor access through a Tor hidden service and Secure Shell.
Sandworm has been known to target U.S. defense industrial base and government networks.
“Russia continues to leverage the cyber domain to advance its war against Ukraine,” said Rob Joyce, cybersecurity director at NSA.
“Our analysis offers guidance to help find and eradicate this threat, and raises awareness of this threat targeted by Sandworm malicious cyber activity. We will continue to collaborate across the U.S. government and with our international allies to eradicate cyber threats,” Joyce added.
CISA, NSA and the FBI jointly released the malware analysis report with their counterparts in New Zealand, Canada, Australia and the U.K.
