National Security News

Digital Battlefield: Mobile phone reliance drives new cyber tactics on frontline

Ukrainian soldier using his mobile phone on the frontline (Source: AFP)

The increasing reliance on mobile phones by both Russian and Ukrainian forces has transformed the battlefield, with devices serving as both vital tools and potential liabilities.

The disclosure has led to a warning by cyber analysts of a shift in Russian cyber tactics to exploit mobile phone weaknesses.

The Kremlin has also proposed a strict new law punishing soldiers for carrying phones in combat zones in a bid to clamp down on their use on the battlefield.

Dan Black, Manager of Cyber Espionage Analysis at Mandiant, described how Russia’s cyber strategy has moved from high-profile, destructive attacks on civilian infrastructure to a more subtle, tactical approach, focused on targeting individual soldiers’ mobile phones.

In a commentary for the Royal United Services Institute, Black states that Kyiv’s “emphasis on ‘data-driven combat’ made smartphones an invaluable source of location data to establish patterns of movement and locate and target Ukrainian positions.”

Communications software company RealTyme states that even if soldiers are careful not to share their location directly, their mobile phones can still be tracked. The metadata generated by these devices, such as cell tower connections and GPS coordinates, can be used to pinpoint their whereabouts.

Recognising the risks of mobile phones, Russia has proposed a law that would punish soldiers for carrying phones in Ukraine’s combat zones with up to 15 days of arrest.

Russian state media outlet Tass reported on the proposed law, stating that “Wearing gadgets during service in a special operation zone will be considered a gross disciplinary offense. This follows from amendments supported by the State Duma Defence Committee.”

Yet, Moscow also recognises the value of these devices and has adapted its cyber tactics to exploit the wealth of data they offer.

In Ukraine, encrypted messaging apps like Signal have become a prime target for Russian intelligence services, said Black, as they are indispensable tools for sharing sensitive information, coordinating tactics, and maintaining operational security.

Black describes how “one Russian military-affiliated unit has dedicated its focus to social engineering Ukrainian soldiers into linking Russian-intelligence controlled instances of encrypted messaging applications including Signal, Telegram and WhatsApp to their accounts.”

Malware, often disguised as legitimate apps or updates, is another weapon. As Black notes, “the masking of malware as versions of mobile applications has increased significantly in response to Kyiv’s suite of software-driven military innovations.”

Ukraine’s Cyber Security Department head, Ilya Vityuk, has also warned of the consequences of the overreliance on mobile technology.

Describing an operation against Ukrainian military systems, Vityuk said: “When one of our defenders was taken prisoner, they took their phones or tablets with ‘Nettle’ and ‘Delta’ installed, studied how these systems work, and later developed malicious software for them to penetrate correspondence and documents.”

Black’s research has highlighted how the GRU’s Main Center for Special Technologies has provided dedicated infrastructure and technical instructions to Russian ground forces so that they can exfiltrate Telegram and Signal communications from captured devices at the front.

Referring to messaging apps, Vityuk said, “Today, the general rule is that there is no such thing as a safe messenger.”

“You can turn on the microphone or camera, no matter which messenger you use. We have one rule in the SBU: it is forbidden to forward sensitive, official information by any messengers.”

Vityuk also expressed concerns about specific messaging apps, such as Telegram, as the app is “actively used in disinformation campaigns of the Russian Federation.”

Black warns of the potential for wider implications from Russia’s cyber operations. The targeting of mobile phones, particularly the exploitation of platforms like Signal, represents a new frontier in cyber warfare. As Black points out, “These applications see ubiquitous use by Western militaries, politicians, civil-society groups, and other common targets of Russia’s intelligence services.”

These tactics honed in Ukraine could be replicated and refined for use against other nations. Black warns that “If history has taught us anything, it’s that Russian tradecraft rarely stays confined to Ukraine.”

Val Dockrell is a London-based Senior Investigator and Open Source Intelligence (“OSINT”) specialist who has led in-depth investigations in multiple jurisdictions around the world. She also speaks several languages and is a member of the Fraud Women’s Network. Her X (formerly Twitter) handle is @ValDockrell.