The GRU-Ukraine Artillery Hack That May Never Have Happened by Jeffrey Carr.
From the post:
Crowdstrike’s latest report regarding Fancy Bear contains its most dramatic and controversial claim to date: that GRU-written mobile malware used by Ukrainian artillery soldiers contributed to massive artillery losses by the Ukrainian military. “It’s pretty high confidence that Fancy Bear had to be in touch with the Russian military,” Dmitri Alperovitch told Forbes. “This is exactly what the mission is of the GRU.”
Crowdstrike’s core argument has three premises:
- Fancy Bear (APT28) is the exclusive developer and user of X-Agent [1]
- Fancy Bear developed an X-Agent Android variant specifically to compromise an Android ballistic computing application called Попр-Д30.apk for the purpose of geolocating Ukrainian D-30 Howitzer artillery sites[2]
- The D-30 Howitzers suffered 80% losses since the start of the war.[3]
If all of these premises were true, then Crowdstrike’s prior claim that Fancy Bear must be affiliated with the GRU [4] would be substantially supported by this new finding. Dmitri referred to it in the PBS interview as “DNA evidence”.
In fact, none of those premises are supported by the facts. This article is a summary of the evidence that I’ve gathered during hours of interviews and background research with Ukrainian hackers, soldiers, and an independent analysis of the malware by CrySyS Lab. My complete findings will be presented in Washington D.C. next week on January 12th at Suits and Spooks.
…
Sadly I won’t be in attendance but am looking forward to reports of Carr’s details on the alleged GRU-Ukraine hack.
Not that I am expecting the New York Times to admit the Russian hacking of the 2016 election is a tissue of self-serving lies.
Disappointing but not expected.