The Russia connection

Russian Government-linked Hacker Group Releases Powerful Android Malware

Published 26 July 2019

The St. Petersburg-based Special Technology Center (STC), a Russian technology group linked to the GRU, Russia’s military intelligence branch, was sanctioned by the U.S. government for its role in the 2016 Kremlin-directed cyberattacks on the U.S. election infrastructure. STC is back in the news, this time for developing an especially powerful and persistent malware, dubbed Monokle.

The St. Petersburg-based Special Technology Center (STC), a Russian technology group linked to the GRU, Russia’s military intelligence branch, was sanctioned by the U.S. government for its role in the 2016 Kremlin-directed cyberattacks on the U.S. election infrastructure. The GRU orchestrated a broad hacking and social media campaign to help Donald Trump win the November 2016 presidential election.

STC is back in the news, this time for developing an especially powerful and persistent malware, dubbed Monokle. The malware presents Android users with fake versions of popular Android applications such as Skype, Signal, and PornHub. When the fake apps are used, Monokle can “exfiltrate data from third party applications by reading text displayed on a device’s screen at any point in time,” according to a report released Wednesday by the Lookout cybersecurity firm.

“Monokle seeks root access, the most privileged level of control,” Patrick Tucker writes in Defense One. “When it achieves that access it’s able to overwrite security certificates to intercept—and potentially change—incoming and outgoing information, sometimes called a man-in-the-middle attack. But it can operate and steal data even when it can’t access root (because of system configuration).”

The Lookout report notes: “This allows the software to be incredibly flexible and useful in multiple operational scenarios.”

Here are the Executive Summary and Key Findings of Lookout’s report:

Executive Summary
Lookout has discovered a highly targeted mobile malware threat that uses a new and sophisticated set of custom Android surveillanceware tools called Monokle that has possible connections to Russian threat actors. Lookout research indicates these tools are part of a targeted set of campaigns and are developed by the St. Petersburg, Russia-based company, Special Technology Centre, Ltd. (STC, Ltd. or STC).

In late 2016, the amendment to Executive Order 13964 issued by then-President Barack Obama imposed sanctions on STC as one of three companies that provided material support to the Main Intelligence Directorate (GRU) for alleged interference in the 2016 U.S. presidential election. STC is a private defense contractor known for producing Unmanned Aerial Vehicles (UAVs) and Radio Frequency (RF) equipment for supply to the Russian military, as well as other government customers. STC has been operating in St. Petersburg since 2000 and has approximately 1500 employees.