Support for Ukraine calling out Russia’s GRU for new malware campaign

12:00am, 1 September 2023

TLP Rating: Clear

The National Cyber Security Centre (NCSC) has today joined like-minded international partners to issue a Malware Analysis Report on the Infamous Chisel malware. This mobile malware, used by an actor known as Sandworm, was observed in a campaign targeting Android devices used by the Ukrainian military.

Joint advisory: NCSC MAR Infamous Chisel [PDF, 672 KB]

Organisations from Australia, the United Kingdom, the United States, New Zealand, and Canada have previously linked the Sandworm actor to the Russian GRU’s Main Centre for Special Technologies (GTsST). 

This report has been published as part of a coordinated effort to raise awareness of this capability being used by the cyber actor Sandworm.

The Malware Analysis Report has been jointly issued by:

  • New Zealand’s National Cyber Security Centre (NCSC),
  • U.S. National Security Agency (NSA),
  • U.S. Cybersecurity and Infrastructure Security Agency (CISA),
  • U.S. Federal Bureau of Investigation (FBI),
  • Canadian Centre for Cyber Security (CCCS) – part of the Communications Security Establishment (CSE),
  • Australian Signals Directorate (ASD), and
  • United Kingdom’s National Cyber Security Centre (NCSC-UK).

What's happening

Systems affected

While the NCSC is not aware of New Zealand organisations currently being impacted by the Infamous Chisel malware, malicious cyber activity in New Zealand often reflects international trends. Given the ongoing tensions following Russia’s invasion of Ukraine, there is an increased potential for cyber-attacks.

What this means

This advisory is being made publicly available to help inform organisations’ cyber defence efforts. 

What to look for

How to tell if you're at risk

The NCSC encourages information security leaders, technical specialists, security researchers, and academics to review this advisory, consider the tactics, techniques and procedures (TTPs) described, and assess how they may inform their network defence and resilience strategies.

What to do

Prevention

If organisations identify malicious activity as a result of reviewing this advisory, they should contact the National Cyber Security Centre by email: info@ncsc.govt.nz.
