Russia's state hackers target Ukraine with malicious Android apps

Turla, a hacker group linked to Russia's Federal Security Service (FSB), used third-party messaging services to distribute the Android app.

Researchers claim that the catch, made by Google's Threat Analysis Group (TAG), marks the first time Turla was observed to distribute Android-based malware.

First spotted in 2008, Turla has been linked with the Russian state. Also known as Venomous Bear, the collective often targets governments and militaries.

According to a report by TAG, Turla hosted Android apps on a domain spoofing the Ukrainian Azov Regiment. Threat actors tried to lure their victims by offering them to perform Denial of Service (DoS) attacks against Russian websites.

Turla hackers target Ukraine with Android apps
Copycat Android app created by Turla. Image by Google. Edited by Cybernews.

"However, the 'DoS' consists only of a single GET request to the target website, not enough to be effective," reads the report.

Turla's aim seems to be to convince users they're performing attacks against Russian targets, while in reality, their efforts were of zero impact.

TAG also identifies another similar app called ',' which researchers determined actually carries out DoS attacks against Russian websites.

The apps also download a list of targets from an external site, but unlike the Turla apps, it continually sends requests to the target websites until the user stops it.

"Based on our analysis, we believe that the StopWar app was developed by pro-Ukrainian developers and was the inspiration for what Turla actors based their fake CyberAzov DoS app off of," reads the report.

Flames of cyber war

The conflict between different hacker groups started after Russia invaded Ukraine on 24 February. Groups supporting Ukraine started targeting organizations in Russia to help the country defend against the invasion.

Kyiv succeeded in rallying an international IT army to help it fight the digital war. Anonymous, Ukraine's IT Army, Hacker Forces, and many other hacktivist groups started targeting Russia's private and state-owned enterprises.

Meanwhile, pro-Russian hacker groups such as Killnet and XakNet have targeted countries that support Ukraine.

Government websites in Norway, Lithuania, Italy, Romania, Germany, as well as websites in Czechia, Latvia, and elsewhere were under Killnet's cyber fire. The pro-Russian group has declared a war against NATO and countries that support Ukraine.

According to the United Nations, the Russian invasion of Ukraine has created the 'fastest-growing refugee crisis in Europe since World War II.' Over 12 million people were displaced due to the conflict in a nation with 44 million residents.

Witness testimonies from Ukrainian towns Russian forces have occupied for close to a month point to severe human rights violations and targeted lethal attacks against civilians. Reports of "gross and systematic violations and abuses of human rights" got Russia suspended from the UN Human Rights Council.

More from Cybernews:

Google’s new app safety policy is like the fox guarding the hen house, says expert

Dubai to support over 40k jobs in the metaverse

US seizes $500k from North Korean ransom gangs

Novel CloudMensis spyware targets Apple macOS users

Subscribe to our newsletter

Leave a Reply

Your email address will not be published. Required fields are markedmarked