16 August 2023

Russian spy agencies targeting Starlink with custom malware, Ukraine warns

Gareth Corfield

Hackers from Russia’s intelligence services are deliberately targeting Elon Musk’s Starlink with custom hacking software, Ukraine’s counter-intelligence agency has said.

A report published by Ukraine’s MI5 equivalent, the State Security Service (SBU), detailed how custom malware originating from Russia’s GRU spy agency had been written to try and spy on troop movements via Starlink satellites.

Starlink operates a network of thousands of satellites that beam wireless internet across the world. Ukrainian commanders rely heavily on the infrastructure for communications.

SBU experts discovered malicious software on Ukrainian tablet devices that were captured by the Russians before later being recovered from the battlefield.

One common method of spreading malware is to leave an infected device such as a smartphone, tablet or USB stick lying around in the hope that it is picked up and used.

The malware, one of five different types of information-stealing software found on the tablets, bore the hallmarks of the Sandworm hacker gang, the Ukrainian agency added.

Britain’s GCHQ has previously said Sandworm is Unit 74455 of the GRU, Russia’s main military intelligence division.

The SBU said in a technical report published this week: “The functional purpose is to gather data from the Starlink satellite system.”

Tony Adams, a researcher with Secureworks’s Counter Threat Unit, said: “The malware suite discovered by Ukraine’s SBU used a compromised device’s Starlink connection to track Ukrainian armed forces.

“If successful, this attack could have yielded extremely useful operational intelligence for Russian battlefield commanders, a goal undoubtedly on the GRU’s punch list.”

The revelation comes amid growing nervousness about Ukraine’s reliance on Mr Musk’s technology.

The billionaire has been ambivalent about letting Starlink be used for active military operations and the New York Times has reported that senior military chiefs in Kyiv have sought assurances from US counterparts as to Mr Musk’s reliability.

The SBU warning comes a month after Ukrainian cyber-security authorities warned that poorly secured Starlink terminals were potentially putting the country’s soldiers at “increased risk”.

Earlier this year another Russian weapon developed specifically to target Starlink, called Tobol, was uncovered after a US airman leaked secret intelligence documents onto online chat service Discord.


