Ukraine’s Computer Emergency Response Team (CERT-UA) has reported that Belarusian state-sponsored hackers are targeting its military personnel and connected individuals with phishing emails as part of Russia’s military invasion of the country.
“Mass phishing emails targeting private ‘i.ua’ and ‘meta.ua’ accounts of Ukrainian military officers and related individuals have lately been spotted. Once the account is compromised, the attackers gain access to all of the messages through the IMAP protocol.”
The Ukrainian authorities blamed the attacks on a threat actor known as UNC1151, a Minsk-based group whose members are officers of the Republic of Belarus’ Ministry of Defense. The CIA claimed in an update that the nation-state group also targets its own population as well as Russian organisations:
- Association of Belarusians of the World (International Social Union)
- Belarusian Music Festival
- Samara Oblasna Public Organization “Russian-Belarusian Fraternity 2000”
- Dzêâslov, a Belarusian literary magazine
- Soviet Belarus (Sovetskaya Belorussiya), a daily newspaper in Belarus
- Employees of the National Academy of the Republic of Kazakhstan
- Voice of the Motherland, a local newspaper in Belarus
In a November 2021 report, Mandiant researchers said, “UNC1151 has targeted a wide array of governmental and business sector organisations, with an emphasis on Ukraine, Lithuania, Latvia, Poland, and Germany. Belarusian dissidents, media outlets and journalists are also being targeted.”
The state-backed cyberattack group has also been linked to the Ghostwriter disinformation campaign, which spread anti-NATO and corruption-themed narratives aimed at the governments of Lithuania, Latvia and Poland with the likely goal of undermining the governments and inflaming regional instability.
The autonomous hacktivist organisation Anonymous tweeted, “The Anonymous collective is officially in cyber war against the Russian government,” adding that it “leaked the database of the Russian Ministry of Defense website.”
The Conti ransomware gang, which just absorbed a TrickBot virus, declared its “full support” for Russia, promising to strike back at an enemy’s key infrastructure if anybody decides to plan a cyberattack or any military action against Russia.
Finally, the researchers concluded, “We do not ally with any government and we denounce the ongoing war. We will use our entire capacity to deploy retaliatory measures in case the Western warmongers seek to target critical infrastructure in Russia or any Russian-speaking region of the planet. The RedBanditsRU cybercrime group and the lesser-known CoomingProject ransomware campaign are two more hacker groups that have claimed loyalty to Russia.”