The Security Service of Ukraine (SSU) has dismantled two Russian-sponsored bot farms allegedly designed to infect soldiers’ devices with data-stealing malware.
An unnamed woman from Korosten, “on enemy orders, massively registered virtual mobile numbers of Ukrainian operators and anonymous accounts in Telegram,” according to the announcement.
The woman allegedly sold or leased the “accounts” through specialized Russian internet platforms, enabling Russian intelligence to use the numbers to hack into the phones of Ukrainian soldiers and deploy spyware.
“To do this, they sent phishing emails to the devices of the Defence Forces servicemen from anonymous numbers and Internet addresses registered in Ukraine,” the SSU says. “When files with malware were opened, a spyware virus was automatically downloaded to the phone, collecting confidential data. The enemy also used the anonymous bot farm accounts to spread Kremlin narratives supposedly on behalf of ordinary Ukrainian citizens.”
Spyware can be used to steal data, including location information, that can offer crucial insight in times of war.
The woman allegedly conducted the operation from her apartment and received payments in cryptocurrency. She is charged with “unauthorized interference with the operation of information and communication systems, electronic communication networks.”
Police also detained an alleged co-conspirator operating a SIM farm in the Dnipro region. The 30-year-old allegedly registered almost 15,000 fictitious accounts in various social networks and messengers. The man allegedly sold the accounts on underground web forums to Russian intelligence services.
He is charged with “encroachment on Ukraine’s territorial integrity and inviolability.”
Investigations are ongoing.
Spyware is one of the most prolific threats targeting mobile phones today. Threat actors leverage ever-newer, unpatched vulnerabilities in target devices to deploy the potent malware with little to no input from the victim.
Adversaries use spyware to monitor the victim, record events on-screen and through the built-in mic and cameras, track the victim’s location, and pilfer sensitive data from the target device.
The US government has imposed visa restrictions on people known to be involved in the development and sale of spyware.
In April, iPhone maker Apple sent spyware alerts advising high-risk individuals in 92 countries to take the warning seriously, as threat actors were actively targeting them.
According to the Bitdefender 2024 Consumer Cybersecurity Assessment Report, few people consider themselves an actual target for cybercriminals. While spyware attacks like these are highly targeted, it is still vital for everyone everywhere to use recommended cybersecurity practices, not least of which is employing dedicated security on personal devices.
Bitdefender also strongly recommends deploying the latest software updates issued by the software/hardware vendor as soon as they’re made available. Most software updates include important security fixes. Staying up to date greatly reduces the attack surface for motivated threat actors.
Filip has 15 years of experience in technology journalism. In recent years, he has turned his focus to cybersecurity in his role as Information Security Analyst at Bitdefender.