They tried to steal GPS coordinates: hackers carried out a cyberattack on the smartphones of the Ukrainian Armed Forces via Signal


Kyiv  •  UNN

September 5 2024, 11:54 AM

Ukrainian experts have detected an attempted cyberattack on military devices via the Signal messenger. Hackers tried to steal data and gain access to GPS coordinates using malware.

Ukrainian experts have prevented an attempted cyberattack on smartphones and tablets of the Defense Forces. The hackers wanted not only to steal information from the devices, but also to gain access to GPS coordinates. This was reported by the State Special Communications Service, UNN reports.

Details

Specialists of the State Special Communications Service and one of the military units detected two cyberattacks. The hackers used Signal to distribute messages to military personnel with links to download APK files, allegedly of the GRISELDA military system (an automated system for entering, processing, and transmitting information using artificial intelligence) and the Ochi surveillance system.

In the case of GRISELDA, the link opened a copy of the project's official website, which offered to download the “mobile version” of the GRISELDA application. It should be noted that such an application does not exist, and the downloaded APK file was HYDRA malware, the functionality of which, among other things, provides for the possibility of stealing session data (HTTP cookies), contacts, keylogging, etc.

- the experts explained.

In the case of the Ochi system, by contrast, a Google Drive link offered to download an APK file that contained third-party code in addition to the original program's regular functionality.

The hackers planned to steal the user's login and password. In addition, the attackers hoped to steal the device's GPS coordinates. 

We assume that the attackers modified the legitimate program by adding a third-party Java class and implementing its call in the corresponding code blocks.

- said the State Special Communications Service. 


Recall

In the summer, the State Service for Special Communications warned that hackers were actively attacking civil servants, military personnel and representatives of defense companies in Ukraine using the Signal messenger, which is popular among the military.