Russia Creates Malware False-Flag App

The Russian hacking group Turla released an Android app that seems to aid Ukrainian hackers in their attacks against Russian networks. It’s actually malware, and provides information back to the Russians:

The hackers pretended to be a “community of free people around the world who are fighting russia’s aggression”—much like the IT Army. But the app they developed was actually malware. The hackers called it CyberAzov, in reference to the Azov Regiment or Battalion, a far-right group that has become part of Ukraine’s national guard. To add more credibility to the ruse they hosted the app on a domain “spoofing” the Azov Regiment: cyberazov[.]com.

[…]

The app actually didn’t DDoS anything, but was designed to map out and figure out who would want to use such an app to attack Russian websites, according to Huntley.

[…]

Google said the fake app wasn’t hosted on the Play Store, and that the number of installs “was miniscule.”

Details from Google’s Threat Analysis Group here.

Posted on July 20, 2022 at 10:32 AM • 7 Comments

Comments

Ted July 20, 2022 1:57 PM

What a sputter into attrition.

I can’t imagine what info the IT Army has found in the meantime. Will we get to a stage where Russia’s internal machinations are aired in the international community?

In his book Freezing Order Bill Browder details his work in Russia with forensic financial investigators. Now, there will be more reason than ever for the aggrieved to expose the inner workings of an authoritarian kleptocracy.

This regime’s war in Ukraine seems a cruel press into further exposure, condemnation, and reckoning.

Rick July 20, 2022 2:06 PM

I’m not surprised to finally start seeing attacks such as this one. I wonder what is going on we know nothing about that could prove devastating to many systems and services around the world by the Russians alone. The upside it would seem is either Putin drafted all of his hackers for cyber-war or cryptocurrency is so screwed right now that no new reports of Ransomware attacks are being reported right now that I can find. Of course I might have missed some.

Frank B. July 20, 2022 2:47 PM

This is something script kiddies would come up with. Is the myth of Russian intelligence dead yet?

Clive Robinson July 20, 2022 3:33 PM

@ ALL,

I suspect the effort involved with creating it was fairly minimal so it serves two purposes,

1, It stops the wannabes.
2, It gathers info on wannabes.

The second can thus be used to build “Putins lists” of targets.

History tells us there are loads of “wannabe” types out there who will want to be part of something, no matter how dumb it is.

If you think back to the early days of Anonymous over a decade ago, and their use of the Low Orbit Ion Cannon stress test tool to DDoS various high profile targets. And how of the thousands who voluntarily joined up to play along quite a few got arrested,

https://uk.pcmag.com/news/111465/anonymous-to-retire-low-orbit-ion-cannon

That sort of mentality never really goes away, so we can expect a new generation of wannabes are going to walk into such a trap and surprise surprise not it’s apparently just what they have done…

Unfortunately this lot are unlikely to get such lenient treatment if Putin’s thugs catch up with them.

Remember Russia has legislation that allows Putin to issue extrajudicial death warrants for execution anywhere in the world…

Seguridad July 21, 2022 9:15 AM

::”America;,. Have you lost your damned mind?”

::”I am currently being detained against my will in a high security architectural ::masterpiece somewhere within the Central DayLight TimeZone of The Continental ::Americas. ”

::”Nobody Out” “Pizza” = “Za”

::”Hutt”

WOI blueprint of HippyChick WBGN


Sidebar photo of Bruce Schneier by Joe MacInnis.