James Marinero, MSc, MBA



Ukraine Cyberwar: Kremlin Android App

A false flag nasty according to Google’s Threat Analysis Group and a first for the perpetrators

Image credit: https://www.pexels.com/@estonian-stalker-154793302/

The cyber war continues apace and Google has highlighted more activity by bad actors in Russia and Belarus. And now Turla (one of the threat groups associated with the Russian FSB) is pushing out Android malware.

The malware

Not on the Play Store

According to Google’s TAG (Threat Analysis Group), the alleged perpetrators — Turla — “recently hosted Android apps on a domain spoofing the Ukrainian Azov Regiment. This is the first known instance of Turla distributing Android-related malware. The apps were not distributed through the Google Play Store, but hosted on a domain controlled by the actor and disseminated via links on third party messaging services.”

It’s been labelled as CyberAzov.apk.

What it does

It spoofs an Azov Regiment domain (the right-wing-aligned Regiment is a crack Ukrainian army unit that was involved in defending Mariupol during the recent protracted Russian siege).

Users who download the app believe that when they use it they are participating in a DoS (denial of service) attack against Russian websites — they can even choose from a list of target websites.

Google says that a single ‘GET’ request is all that is sent to the target website selected by the user. And that’s not going to jam up the servers, is it?

The Azov Battalion parading in Mariupol in happier days. Image credit: Wikimedia

Why bother if that’s all it does?

Maybe that’s not all it does. VirusTotal collates security analysts’ data and currently shows 27 different security organisations flagging it as malicious; it may well contain a Trojan to infect the Android device.

It could have been designed to flush out Ukrainian cyber-warriors, namely the large decentralized base of digital volunteers working online against Russia and labelled by Ukraine as the IT Army.

The impact

If ‘members’ of Ukraine’s IT Army are the target then the app is making very little progress. Google’s Billy Leonard writes that “We believe there was no major impact on Android users and that the number of installs was miniscule.”

I guess those guys in the IT Army are not stupid.

“All warfare is based on deception,” Sun Tzu wrote in The Art of War, just 25 centuries ago.

The blame

The blame is being laid at the keyboards of the Turla Group, a gang which is associated with the FSB, the Russian Federal Security Service, and has been responsible for many cyber attacks on Western organisations.

Turla is a Russian-based threat group that has infected victims in over 45 countries, spanning a range of industries including government, embassies, military, education, research and pharmaceutical companies since 2004. …Turla is known for conducting watering hole and spearphishing campaigns and leveraging in-house tools and malware

Mitre.org

In addition

Google also noted that malware exploiting the Follina vulnerability is still active (associated with the groups APT28 and Sandworm), and that Ghostwriter/UNC1151, a threat actor attributed to Belarus, has continued to target the webmail and social media accounts of Polish users.

Join the IT Army of Ukraine and fight back?

Yes, you can.

The IT Army of Ukraine is a volunteer cyberwarfare organisation created at the end of February 2022 to fight against digital intrusion of Ukrainian information and cyberspace after the beginning of the Russian invasion of Ukraine on February 24, 2022

Wikipedia

Here’s where:

Author screenshot of itarmy.com.ua

Or you could actually donate a small drone to Ukraine at UNITED24 Dronation: https://u24.gov.ua/dronation

The face of war is certainly changing.
