Ukraine says Belarusian hackers are focusing on its protection forces – TechCrunch

Ukrainian cybersecurity officers have warned that Belarusian state-sponsored hackers are focusing on the non-public e-mail addresses of Ukrainian navy personnel.

Announcing the activity in a Facebook post, Ukraine’s Laptop Emergency Response Staff (CERT-UA) stated {that a} mass phishing marketing campaign is focusing on the non-public i.ua and meta.ua accounts belonging to Ukrainian navy personnel.

“After the account is compromised, the attackers, by the IMAP protocol, get entry to all of the messages,” it added. “Later, the attackers use contact particulars from the sufferer’s tackle guide to ship the phishing emails.”

CERT-UA has attributed the continuing marketing campaign to the UNC1151 risk group, which Mandiant formally linked to the Belarusian authorities in November 2021. Mandiant additionally linked the state-backed cyber-espionage group to the Ghostwriter disinformation marketing campaign, which has been concerned in spreading anti-NATO rhetoric and hack-and-leak operations all through Europe.

“The Minsk-based group ‘UNC1151’ is behind these actions. Its members are officers of the Ministry of Defence of the Republic of Belarus,” CERT-UA wrote.

The Kyiv authorities additionally believes the UNC1151 group was behind the cyberattack that introduced down Ukrainian authorities web sites final week, Serhiy Demedyuk, the deputy secretary of the nationwide safety and protection council of Ukraine, told Reuters. Ukraine’s safety companies stated that greater than 70 state web sites had been attacked in the course of the incident, 10 of which had been subjected to unauthorized interference.

Mandiant’s Ben Learn instructed TechCrunch that the safety firm has noticed UNC1151 focusing on the Ukrainian navy extensively over the previous two years, “so this exercise matches their historic sample.” 

“These actions by UNC1151, which we imagine is linked to the Belarusian navy, are regarding as a result of private knowledge of Ukrainian residents and navy could be exploited in an occupation situation and UNC1151 has used its intrusions to facilitate the Ghostwriter data operations marketing campaign,” Learn added. “Leaking deceptive, or fabricated paperwork taken from Ukrainian entities might be leveraged to advertise Russia and Belarus pleasant narratives.”

“Ghostwriter has beforehand focused the NATO alliance, in search of to erode assist for the group,” stated Learn. “I wouldn’t be stunned if related operations had been seen within the close to future.”