How Russia Used a Poisoned App to Spy on Ukraine’s Military
Russia’s prowess at cyber-warfare is also helping the country obtain an advantage on traditional military battlefields. According to a new report, Russian hackers infected an Android app in order to capture communications and location information about Ukrainian artillery units, and attack them.
The report, from U.S. cyber-security firm Crowdstrike, explains how Russia copied an Android app (GOOG) that was developed by an officer in the Ukrainian military to process targeting data for a weapon called the D-30 Howitzer.
The counterfeit Russian app worked the same way. The only difference is that it contained malware that allowed the hackers to gain access to the text messages, location, and Internet data of Ukrainian soldiers who had downloaded it.
Such data reportedly helped Russia gain critical information about Ukrainian troop movements and fighting strength, and resulted in Russia inflicting unusually high casualties and damage in a violent border conflict that began in 2014.
“80% of D-30 howitzers were lost, far more than any other piece of Ukrainian artillery,” says the Crowdstrike report, which also cites casualties among Ukrainian military units that used the app.
The Russians reportedly developed the poisoned app between mid-2013 and 2014 but did not place it in the Android store. Instead, in order to distribute the app, Crowdstrike suggests Russian hackers infiltrated online forums and social media, where Ukrainian military personnel shared information.
“This assessment is based on a number of factors, but chief among them is the likelihood that a military member would only trust and use an application designed to calculate something as critical as targeting data if it was developed and promoted by a member of their own forces,” says the report. “The type of operational activity described here suggests an extremely sophisticated understanding of the target that only a skilled adversary would likely possess.”
The operation was reportedly carried out by Fancy Bear, a Russian military unit of hackers that has carried out a number of high-profile operations, including the theft and release of emails belonging to John Podesta, the former chairman of the Democratic National Committee.
According to Crowdstrike, Russian hackers have also been developing iOS apps (AAPL) injected with malware in order to spy on adversaries, and have been impersonating Ukrainian groups on social media in order to discredit them.