Ukrainian cybersecurity officers have warned that Belarusian state-sponsored hackers are concentrating on the personal e-mail addresses of Ukrainian army personnel.
Saying the exercise in a Fb publish, Ukraine’s Laptop Emergency Response Crew (CERT-UA) mentioned {that a} mass phishing marketing campaign is concentrating on the personal i.ua and meta.ua accounts belonging to Ukrainian army personnel.
“After the account is compromised, the attackers, by the IMAP protocol, get entry to all of the messages,” it added. “Later, the attackers use contact particulars from the sufferer’s handle guide to ship the phishing emails.”
CERT-UA has attributed the continued marketing campaign to the UNC1151 risk group, which Mandiant formally linked to the Belarusian authorities in November 2021. Mandiant additionally linked the state-backed cyber-espionage group to the Ghostwriter disinformation marketing campaign, which has been concerned in spreading anti-NATO rhetoric and hack-and-leak operations all through Europe.
“The Minsk-based group ‘UNC1151’ is behind these actions. Its members are officers of the Ministry of Defence of the Republic of Belarus,” CERT-UA wrote.
The Kyiv authorities additionally believes the UNC1151 group was behind the cyberattack that introduced down Ukrainian authorities web sites final week, Serhiy Demedyuk, the deputy secretary of the nationwide safety and protection council of Ukraine, instructed Reuters. Ukraine’s safety companies mentioned that greater than 70 state web sites had been attacked through the incident, 10 of which had been subjected to unauthorized interference.
Mandiant’s Ben Learn instructed TechCrunch that the safety firm has noticed UNC1151 concentrating on the Ukrainian army extensively over the previous two years, “so this exercise matches their historic sample.”
“These actions by UNC1151, which we imagine is linked to the Belarusian army, are regarding as a result of private knowledge of Ukrainian residents and army may be exploited in an occupation situation and UNC1151 has used its intrusions to facilitate the Ghostwriter info operations marketing campaign,” Learn added. “Leaking deceptive, or fabricated paperwork taken from Ukrainian entities might be leveraged to advertise Russia and Belarus pleasant narratives.”
“Ghostwriter has beforehand focused the NATO alliance, searching for to erode help for the group,” mentioned Learn. “I wouldn’t be stunned if related operations had been seen within the close to future.”
