The hack into a Ukraine military app has reinforced claims the cyber unit known as "Fancy Bear" has a direct Kremlin link. It also reinforces US intelligence reports linking the Kremlin to cyber attacks in the US.
New evidence the Russian military targeted Ukrainian artillery units in eastern Ukraine by using an infected Ukrainian Android smartphone app has reinforced US intelligence conclusions that Russian security units also hacked into the Democratic National Committee (DNC) in the run-up to last month's US presidential election.
The connection was made in report released Thursday that describes how a smartphone application created by a Ukrainian officer in 2013, which was used to quickly carry out artillery strikes against Russian-backed rebels in eastern Ukraine, appears to have become the means by which Russian intelligence pinpointed the location of Ukraine's military units.
The app was distributed over social media but was ultimately hacked and redistributed on a Ukrainian military forum by the Russian military intelligence agency (GRU), according to the report released by CrowdStrike. At least one of the GRU's cyber-operations units is known by the moniker "Fancy Bear."
Ukrainian military units using the infected app inadvertently gave away valuable strategic information, including troop location, access to contacts, text messages, call logs and internet data, to the Russian military, according to the report.
Fancy Bear hacked DNC
US intelligence and the FBI believe Fancy Bear hacked into the email system of the DNC over many months and then released the contents through third parties with the intent of creating controversy around the Democratic Party and helping Republican candidate Donald Trump win the election.
The malicious software that was used to help turn the Russian-backed rebels clash with Ukrainian forces to Russia's advantage is the same as that used to hack the DNC, according to Dmitri Alperovitch, co-founder and chief technology officer of CrowdStrike. He said the software was known as X-Agent.
His company was also hired to investigate the DNC hack attack and during the summer publicly attributed it to Fancy Bear.
Alperovitch said the Ukrainian example demonstrates an even stronger connection between Fancy Bear operators and the Russian military.
"For them to use this on the battlefield they need a closely integrated connection," Alperovitch said. "It's exactly the mission of the GRU...We think this is very convincing evidence that links [Fancy Bear and the GRU] together."
Russian President Vladimir Putin has repeatedly rejected claims by the US President Barack Obama's administration that the highest levels of the Russian government were involved in trying to influence the US presidential election.
President-elect Donald Trump has called the intelligence assessment blaming Russia ridiculous. Obama has ordered US intelligence officials to conduct a broad review of election-season cyberattacks and present its report before he leaves office in mid-January.
bik/sms (AP, Reuters)