The Ukrainian State Security Service (SBU) recently published a report detailing how the GRU, Russia's main military intelligence agency, is allegedly creating custom malware to try and spy on Ukrainian troop movements using Starlink satellites.
Starlink, developed by Musk's company SpaceX, operates a network of thousands of satellites that beam wireless internet across the world. Musk launched several of his satellites over Ukraine at the beginning of Russia's special military operation in the country to provide Ukrainians with the internet. Now, Ukrainian commanders have become heavily reliant on the space infrastructure to communicate across vast distances on the frontlines.
According to the SBU, experts within the intelligence service claim to have discovered malicious software on Ukrainian tablet devices that were captured by the Russians before later being recovered from the battlefield.
The SBU claims leaving infected devices such as smartphones, tablets or even USB sticks lying around in the hope that they are picked up and used is a common method of spreading malware.
Some of the malware samples found by SBU's cyber experts were allegedly designed to gather information about connections to the Starlink system.
"This was very interesting malware," explained Illia Vitiuk, head of the SBU's Cybersecurity Department, in an interview with NPR. "It gave them the possibility to get the configurations of Starlink, so in the end they could understand the location" of specific military units.
Vitiuk continued by noting that, if Russian military forces know the specific location of certain military units, they can use that information to then target them with artillery, drones or missiles.
"But the thing is, we have thousands of Starlinks here in Ukraine, and there are alternatives … you cannot hit it with a missile or artillery shell, every Starlink," said Vitiuk, claiming that Russia may try to target Starlink satellites directly to prevent them from being used by Ukraine.
Vitiuk's statements are confirmed by the SBU's report on the discovery of the malware. The technical report claims that the purpose of the hacking attempts "is to gather data from the Starlink satellite system."
The malware, one of five different types of information-stealing software found on the tablets, bore the hallmarks of the SandWorm hacker gang.
The Government Communications Headquarters, the United Kingdom's main signals intelligence unit, has previously claimed that SandWorm is Unit 74455 of the GRU.
"The malware suite discovered by Ukraine's SBU used a compromised device's Starlink connection to track Ukrainian armed forces," noted Tony Adams, a researcher with the Counter Threat Unit of the Atlanta-based cybersecurity firm Secureworks. "If successful, this attack could have yielded extremely useful operational intelligence for Russian battlefield commanders, a goal undoubtedly on the GRU's punch list."
Hackers from SandWorm have reportedly been extremely active both during and before the beginning of Russia's special military operation in Ukraine in February 2022. The group reportedly attacked the Ukrainian energy sector, the global economy and other high-value targets.
This is also not the first time that cyber warfare operations have affected the ongoing conflict. In December 2022, Russian hackers broke into Ukrainian military email accounts to deliver convincing phishing emails in an attempt to compromise their access to Delta, a military platform developed by Ukraine and regularly used by commanders to track Russian troops using Starlink and other gathered intelligence.
Before this, in the summer of 2022, Russian hackers created a fake version of the Delta website to trick legitimate users into providing their credentials.