The Russian hacker group Turla apparently used an Android app to unmask participants in DDoS attacks against Russian infrastructure. The malware gave the appearance of carrying out such flooding attacks against websites, suggesting that it supported Ukraine’s IT army. Instead, it was only meant to report who installs such an application. Google’s Threat Analysis Group discovered this and holds Turla, a hacking group that is probably state-financed, responsible. The approach shows once again that attacks are constantly being refined and that what works is tested again and again.
Number of installations “tiny”
The Threat Analysis Group is responsible for cyber security at Google and has summarized the findings in a blog post. According to the post, the Android malware was distributed via its own website, which appeared to be connected to the so-called Azov regiment. This unit, which also has a right-wing extremist history, has long been the focus of the battle for the Ukrainian port of Mariupol. The alleged “Cyber-Azov” site claimed that the app could automatically carry out DoS (Denial of Service) attacks against Russian websites. In reality, it only sent a single request at a time. Because the app wasn’t available through Google’s Play Store, it didn’t have a major impact, and the number of installations was “tiny.”
The Google group also explains that it has discovered another app that is supposed to work in a similar way. This app, Stopwar.apk, was likewise distributed via only one website, but it actually sent many requests to websites. Google assumes that it was in fact developed from within Ukraine and served as a model for the Turla malware. Immediately after the start of the Russian war of aggression, Ukraine created its own “IT army”. This recruitment of volunteers from all over the world was primarily about organizing DDoS attacks on Russian and Belarusian websites. The discovery of Turla’s Android app now shows how Russia apparently tried to identify participants and take action against them.