Bloomberg writer says this smells
Why I Still Don't Buy the Russian Hacking Story
Then there's the issue of the targeting software itself. Yaroslav Sherstyuk, the Ukrainian military officer who developed the application, reacted angrily on Facebook to the CrowdStrike report, saying he never published the software on any public forums and encouraging fellow Ukrainian servicemen to keep using the latest version of his app. Via Facebook Messenger, he told me that he didn't believe an infected version of the app even existed. "This is a hoax to scare everyone and make us go back to the old methods of targeting fire," he wrote. A CrowdStrike spokesperson did not respond when I asked if it had contacted Sherstyuk. He said it hadn't.
The spokesperson, Ilina Dimitrova, wrote that "it is indisputable that the app has been hacked with Fancy Bear malware -- we have published the indicators related to it and they have been confirmed by others in the cybersecurity community." CrowdStrike said that it found the infected app "in limited public distribution on a Russian language, Ukrainian military forum." I doubt anyone in the Ukrainian military would download software for targeting artillery fire from a forum. Typically, they obtain it directly from known developers such as Sherstyuk. If I can contact him directly, so can Ukrainian artillery officers seeking to improve their performance in battle.
Hence, it's hard for me to believe that this infected app -- found somewhere on the internet and likely never used by Ukrainian soldiers -- offers evidence tying the GRU to APT28. And that's even if one accepts the initial logical leap to the GRU, as opposed to any of the other Russian spy services also involved in the Ukrainian conflict. I sincerely hope that when the U.S. intelligence community finally produces its findings on the election-related hacks, it will be more convincing.