Ukraine says Belarusian hackers are targeting its military personnel

Ukrainian officials said on Friday that Belarusian state-sponsored hackers are trying to compromise the email accounts of its military personnel.

“Mass phishing emails have recently been observed targeting private ‘i.ua’ and ‘meta.ua’ accounts of Ukrainian military personnel and related individuals,” Ukraine’s Computer Emergency Response Team (CERT-UA) wrote in a Facebook post earlier today.

“The Minsk-based group ‘UNC1151’ is behind these activities. Its members are officers of the Ministry of Defence of the Republic of Belarus,” officials added.

CERT-UA, which provides cybersecurity response services to the Ukrainian public and private sectors, said that once UNC1151 hackers gained access to an account, they would use the IMAP protocol to download email messages and then use the account’s address book to send out new phishing messages to other targets.
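The sequence CERT-UA describes (account access, mailbox download over IMAP, then phishing sent to the victim's own contacts) leaves a recognisable trace in mail-server logs: a login from a source the account has never used, followed by a fan-out of messages to many distinct recipients. The detector below is an added illustration written for this article, not code from CERT-UA or The Record; the event records, account names and IP addresses are constructed sample data, and the two-hour window and five-recipient threshold are assumed tuning values.

```python
"""Flag the takeover pattern described above: an IMAP login from an
address never seen for that account, followed by a burst of outbound
mail to many distinct recipients. Sample events are constructed."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, kind, account, detail)
#   kind == "imap_login": detail is the client IP address
#   kind == "smtp_send":  detail is the recipient address
EVENTS = [
    # alice: normal baseline activity from her usual address
    ("2022-03-01 08:00", "imap_login", "alice@example.test", "203.0.113.5"),
    ("2022-03-01 08:05", "smtp_send",  "alice@example.test", "bob@example.test"),
    # alice: login from an unfamiliar address, then a fan-out burst
    ("2022-03-02 02:10", "imap_login", "alice@example.test", "198.51.100.77"),
    ("2022-03-02 02:12", "smtp_send",  "alice@example.test", "c1@example.test"),
    ("2022-03-02 02:12", "smtp_send",  "alice@example.test", "c2@example.test"),
    ("2022-03-02 02:13", "smtp_send",  "alice@example.test", "c3@example.test"),
    ("2022-03-02 02:13", "smtp_send",  "alice@example.test", "c4@example.test"),
    ("2022-03-02 02:14", "smtp_send",  "alice@example.test", "c5@example.test"),
    ("2022-03-02 02:14", "smtp_send",  "alice@example.test", "c5@example.test"),  # repeat
    ("2022-03-02 02:15", "smtp_send",  "alice@example.test", "c6@example.test"),
    ("2022-03-02 06:00", "smtp_send",  "alice@example.test", "c7@example.test"),  # late
    # bob: high volume, but from an address he has used before
    ("2022-03-01 09:00", "imap_login", "bob@example.test", "203.0.113.9"),
    ("2022-03-03 09:00", "imap_login", "bob@example.test", "203.0.113.9"),
    ("2022-03-03 09:01", "smtp_send",  "bob@example.test", "d1@example.test"),
    ("2022-03-03 09:01", "smtp_send",  "bob@example.test", "d2@example.test"),
    ("2022-03-03 09:02", "smtp_send",  "bob@example.test", "d3@example.test"),
    ("2022-03-03 09:02", "smtp_send",  "bob@example.test", "d4@example.test"),
    ("2022-03-03 09:03", "smtp_send",  "bob@example.test", "d5@example.test"),
    ("2022-03-03 09:03", "smtp_send",  "bob@example.test", "d6@example.test"),
]


def parse_events(rows):
    """Turn raw tuples into dicts with real timestamps, sorted by time
    (the sort matters: accounts' events arrive interleaved in practice)."""
    events = [{"time": datetime.strptime(ts, "%Y-%m-%d %H:%M"),
               "kind": kind, "account": account, "detail": detail}
              for ts, kind, account, detail in rows]
    events.sort(key=lambda e: e["time"])
    return events


def find_takeover_bursts(rows, window=timedelta(hours=2), min_recipients=5):
    """Return one alert per IMAP login from a previously unseen IP that is
    followed, within `window`, by mail to >= min_recipients distinct
    recipients from the same account. Window and threshold are assumed
    tuning values, not figures from the article."""
    events = parse_events(rows)
    seen_ips = defaultdict(set)  # account -> IPs observed in earlier logins
    alerts = []
    for i, ev in enumerate(events):
        if ev["kind"] != "imap_login":
            continue
        account, ip = ev["account"], ev["detail"]
        # An account with no login history has no baseline to compare
        # against, so only a departure from an existing baseline counts.
        is_new_ip = bool(seen_ips[account]) and ip not in seen_ips[account]
        seen_ips[account].add(ip)
        if not is_new_ip:
            continue
        deadline = ev["time"] + window
        recipients = {e["detail"] for e in events[i + 1:]
                      if e["kind"] == "smtp_send" and e["account"] == account
                      and e["time"] <= deadline}
        if len(recipients) >= min_recipients:
            alerts.append({"account": account, "ip": ip,
                           "login_time": ev["time"],
                           "recipients": len(recipients)})
    return alerts


if __name__ == "__main__":
    for alert in find_takeover_bursts(EVENTS):
        print(f"{alert['account']}: login from {alert['ip']} at "
              f"{alert['login_time']} followed by mail to "
              f"{alert['recipients']} distinct recipients")
```

Counting distinct recipients rather than raw message volume is deliberate: a legitimate user re-sending to the same thread looks nothing like an address book being walked, while the duplicate in the sample data is folded into a single recipient. The second account in the sample shows the other side of the check, high volume from a familiar source is not on its own a takeover signal.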

The phishing campaign is currently taking place against the backdrop of Russia’s invasion of Ukraine.

Belarus has played a crucial role in this invasion by hosting Russian troops and allowing them to use its territory to launch attacks across Ukraine’s northern border. Belarusian troops are also participating in the armed conflict.

UNC1151 has targeted Ukraine for years

In November 2021, security firm Mandiant also formally linked the UNC1151 group to the Belarusian government. It said the group was behind an operation it tracked under the codename of Ghostwriter.

In this coordinated series of attacks, UNC1151 broke into government networks to steal information, with a particular focus on Lithuania, Poland, Ukraine, and Latvia. In another series of attacks, UNC1151 also broke into news sites to plant fake news stories with an anti-NATO message and also leaked forged documents to journalists.

The UNC1151 attacks are part of a hybrid warfare strategy that Russia and its acolytes are using in Ukraine, one that also includes a considerable cyber component.

This included launching DDoS attacks on government websites and local banks, the deployment of data-wiping malware to destroy local computer networks, phishing attacks to compromise government accounts, waves of SMS spam messages meant to sow panic among the general population, and attempts to plant fake government data leaks.

Many of these attacks predated the invasion, others supported it, and more are expected to take place throughout the conflict.

Catalin Cimpanu

Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.
