Last Updated on 26/02/2022 by Nidhi Khandelwal
Ukraine’s Computer Emergency Response Team (CERT-UA) has warned that Belarusian state-sponsored hackers are phishing its military members and connected individuals as part of the country’s military invasion by Russia.
“Mass phishing emails targeting private ‘i.ua’ and meta.ua’ accounts of Ukrainian military officers and related individuals have lately been spotted,” the CERT-UA warned. “Once the account is compromised, the attackers gain access to all of the messages via the IMAP protocol.”
UNC1151 is the name given by Mandiant to an unclassified threat cluster that operates with goals aligned with those of the Belarusian government. Since at least 2016, the hacking organization is thought to have been active.
In a November 2021 report, Mandiant researchers stated, “UNC1151 has targeted a wide array of governmental and business sector organizations, with an emphasis in Ukraine, Lithuania, Latvia, Poland, and Germany.” “Belarusian dissidents, media outlets, and journalists are also being targeted.”
The state-backed cyber espionage group has also been linked to the Ghostwriter disinformation campaign, which spread anti-NATO and corruption-themed narratives aimed at the governments of Lithuania, Latvia, and Poland, with the likely goal of undermining the governments and inflaming regional tensions.
UNC1151 is also suspected to be behind the January defacement attacks on various Ukrainian government websites with threatening messages.