US cybersecurity officials have warned that Belarusian-sponsored hackers are targeting the private email addresses of Ukrainian military personnel and the country's IT infrastructure.
In a Facebook post, Ukraine’s Computer Emergency Response Team (CERT-UA) said that a mass phishing campaign is targeting the private i.ua and meta.ua accounts belonging to Ukrainian military personnel.
CERT-UA, which provides cybersecurity response services to the Ukrainian public and private sectors, said that once UNC1151 hackers gained access to an account, they would use the IMAP protocol to download email messages and then use the account’s address book to send out new phishing messages to other targets.
Mandiant, which formally linked UNC1151 to the Belarusian government in November 2021, also linked the state-backed cyber-espionage group to the Ghostwriter disinformation campaign, which has been involved in spreading anti-NATO rhetoric and hack-and-leak operations throughout Europe.
Mandiant’s Ben Read said that the security company has observed UNC1151 targeting the Ukrainian military extensively over the past two years. “These actions by UNC1151, which we believe is linked to the Belarusian military, are concerning because personal data of Ukrainian citizens and military can be exploited in an occupation scenario and UNC1151 has used its intrusions to facilitate the Ghostwriter information operations campaign.”
The UNC1151 attacks are part of a hybrid warfare strategy that Russia and its acolytes are using in Ukraine, which has also included a considerable cyber component.
This included launching DDoS attacks on government websites and local banks, the deployment of data-wiping malware to destroy local computer networks, phishing attacks to compromise government accounts, waves of SMS spam messages meant to sow panic among the general population, and attempts to plant fake government data leaks.