Russian Hackers used Android malware to track Ukrainian artillery

By Marc Lagace
last updated

Android
Android (Image credit: Android Central)

Android software is everywhere these days, even finding use on modern battlefields. And just like the apps on your smartphone, downloading potentially compromised .APKs from unofficial sources can lead to unforeseen consequences.

A new report from American cybersecurity technology company CrowdStrike found that a hacker group known as Fancy Bear embedded a malware implant known as X-Agent into an Android app used by the Ukranian military. The group is thought to have ties to Russian authorities who supported rebel forces in Ukraine, and had previously been linked to the DNC email leaks in another report published by CrowdStrike.

From the CrowdStrike blog:

Late in the summer of 2016, CrowdStrike Intelligence analysts began investigating a curious Android Package (APK) named 'Попр-Д30.apk' (MD5: 6f7523d3019fa190499f327211e01fcb) which contained a number of Russian language artifacts that were military in nature. Initial research identified that the filename suggested a relationship to the D-30 122mm towed howitzer, an artillery weapon first manufactured in the Soviet Union in the 1960s but still in use today. In-depth reverse engineering revealed the APK contained an Android variant of X-Agent, the command and control protocol was closely linked to observed Windows variants of X-Agent, and utilized a cryptographic algorithm called RC4 with a very similar 50 byte base key.The filename 'Попр-Д30.apk' was linked to a legitimate application which was initially developed domestically within Ukraine by an officer of the 55th Artillery Brigade named Yaroslav Sherstuk. In media interviews Mr. Sherstuk claims that the application, which had some 9000 users, reduced the time to fire the D-30 from minutes to seconds. No evidence of the application has been observed on the Android app store, making it unlikely that the app was distributed via that platform.

The report goes on to say that if the X-Agent malware was successfully deployed within the application, it would have allowed for accurate reconnaissance for rebel troops on the location of Ukrainian artillery positions. CrowdStrike found through open source reporting that "Ukrainian artillery forces have lost over 50% of their weapons in the 2 years of conflict and over 80% of D-30 howitzers, the highest percentage of loss of any other artillery pieces in Ukraine's arsenal." You can read the full report from CrowdStrike here.

This case is obviously a fairly extreme example of the damage hacked apps can do, but let this serve as a stern reminder to all of us about just how easy it can be to download malicious Android apps from the internet.

Marc Lagace
Marc Lagace

Marc Lagace was an Apps and Games Editor at Android Central between 2016 and 2020. You can reach out to him on Twitter [@spacelagace.

32 Comments
  • #justrussainhackerthings
  • Welcome to Russia lite!
  • No .APK to download?
  • The Russians seem to be getting blamed for lots of stuff these days.
  • Yes, until you watch the real news, then you realize all US news is just a huge propaganda machine
  • US news is owned by Russia
  • This is crazy. Since when are the Russians such great tech gurus? I thought the Chinese were supposed to be the main hackers.
  • No, enemy of the week is Russia. Didn't you get the vibe?
  • Most of the computer games and softwares are reversed engineered by the Russians!
  • Yeah, the mainstream media is just propaganda ... those Fox New and Breitbart folks. tsk. tsk.
  • Another liberal leftists nonsensical comment.
  • Oh my. I'm so hurt. I'm gonna cry. boohoo boohoo. heh.
  • Apparently you are with your response, whaaaaaa.
  • No, I was being a smart ass instead of telling you to go f yourself sideways. ;) Ya jackwagon.
  • Let's be nice. Screw politics
  • Exactly. This ain't football. Nobody's winning.
  • Exactly
  • Liberals. Conservatives. Both groups are idiots and fools. Easily led astray by propaganda. No concept of what is in their best interest. Willing to sell out to the lunatic fringes of society. Damn shame that you idiots have destroyed the concept of what this country stands for. More of a shame you're too dumb to see it.
  • The worst part is we're seeing one side or the other as the enemy, as though one side is more American than the other. As our Real enemies take advantage of our destraction. Truly poisonous.
  • LMAO
  • Don't be stupid. How can you lump "American media" in one group. Russia get the criticism they deserve. Widescale cheating and lying, committing war crimes ,testing their arms in civilians, denying bombing aid convoys, passenger liners, and behaving like pigs to their neighbours, ask Georgia, Ukraine, Crimean people...
  • Thats the exact propaganda that they are feeding you lol. Watch the real news and they will tell you where ISIS and Al Qaeda come from, and who started the war in Syria, and why there is a war in Ukraine....not sure what you mean by Crimea though, there is no war there and most people are Russians
  • They've been doing a lot. They want to restore their former glory. The only way for them to do it is to change the public opinion of them. So they've been hard at work for years brainwashing the Americans and other democratic nations via propaganda sites. It's working, many people on the right have a favorable opinion of Putin and call mainstream news propaganda now. These people clearly don't even watch the news or are able to distinguish fact from opinion from newscasters. We live in dangerous times people. Always remember, any site you read must not take sides. As soon as side is taken, they site is tainted to the right or left. We have been divided and conquered in this last election. We cannot go against each other, none of the leaders should be given a free pass like their our savior.
  • That's really cool
  • That's why I stick to iPhones when moving my artillery around.
  • But have you used apple maps..omg I got lost and ended up 6 miles from where I need to set up my mortars, and howitzers. So now I just wing it and use MLRS and take out the whole grid square
  • I just use Friendster and AOL chat rooms to communicate to my troops, no one is looking at that anymore
  • Note to self...need to use that....hmmm now what about the Air force... What smoke signals?
  • That's fine by us keep overpaying for overpriced, mediocre and inferior hardware with your crappy LCD display running and basic and pathetically limited OS while with stick with great hardware and screens all powered by the most advanced, most used and dominant OS in the world, Android along with Google Maps which is far superior to the crappy Apple Maps.
  • Dude why so serious? You do know that we was joking
    This is why we can't have nice things
  • So glad I sold my howitzer
  • Here come internet regulations?? 🤔