Joint Advisory: Support for Ukraine calling out Russia’s GRU for new malware campaign

The National Cyber Security Centre (NCSC) has today joined likeminded international partners to issue a Malware Analysis Report on the Infamous Chisel malware. This mobile malware, used by an actor known as Sandworm, was observed in a campaign targeting Android devices in use by the Ukrainian military.

Organisations from Australia, the United Kingdom, the United States, New Zealand, and Canada have previously linked the Sandworm actor to the Russian GRU’s Main Centre for Special Technologies (GTsST).

This report has been published as part of a coordinated effort to raise awareness of this capability being used by the cyber-actor, Sandworm. The malware analysis report has been jointly issued by New Zealand’s National Cyber Security Centre (NCSC), the US National Security Agency (NSA), the US Cybersecurity and Infrastructure Security Agency (CISA), the US Federal Bureau of Investigation (FBI), the Canadian Centre for Cyber Security - part of the Communications Security Establishment (CSE), the Australian Signals Directorate (ASD), and the UK National Cyber Security Centre (NCSC).

While the NCSC is not aware of New Zealand organisations currently being impacted by the Infamous Chisel malware, we are conscious that malicious cyber activity in New Zealand reflects international trends, and alongside international tensions resulting from Russia’s invasion of Ukraine, there is increased potential for cyber-attacks.

We are making this advisory publicly available to help inform organisations’ cyber defence efforts.

We encourage organisations’ information security leaders, technical specialists, security researchers, and those in academia to review this advisory, consider the tactics, techniques and procedures (TTPs) described in it, and to make an assessment of how they can be used to support network defence and resilience building.

If organisations identify malicious activity as a result of reviewing the information in this advisory, they should contact the National Cyber Security Centre at info@ncsc.govt.nz.