Ukraine suspects hackers linked to Belarus of attacking its sites
Deputy Chairman of the National Security and Defense Council of Ukraine Sergei Demedyuk said in an interview with Reuters that a hacker group associated with the Belarusian special services could be behind the recent cyber attack on Ukrainian government websites. About Belarusian hackers who have connections with Russian structures, independent terrorists and the American cybersecurity agency Mandiant.
On the night of January 14, hackers broke into the websites of Ukrainian ministries and departments and posted messages with threats in three languages: Ukrainian, Russian and Polish. In particular, the websites of the Cabinet of Ministers, the Ministry of Foreign Affairs, the Ministry of Sports, the Ministry of Energy, the Ministry of Agrarian Policy, the Ministry of Veterans Affairs and the website of the State Treasury did not work. The government services portal was also subjected to a cyberattack.
According to Demedyuk, who previously served as head of the cyber police department in the national police of Ukraine, the attack was carried out by Belarusian hackers from a group known as UNC1151. “This is a group that is engaged in cyber espionage and distribution with the special services of the Republic of Belarus,” the Ukrainian official told Reuters in an interview.
According to him, in the past, “UNC1151” attacked Lithuania, Poland, Latvia and Ukraine, and also spread propaganda with penetration into Europe.
At the same time, Demedyuk said that the attack on Ukrainian government websites is reminiscent of attacks by the APT 29 hacker group. According to Western intelligence agencies, this group, also known as “Cozy Bear”, is linked to state structures and special services; in the past it was behind the cyber attack on the servers of the US Democratic Party in 2016. It also damaged the computers of the Republican Party last summer.
“The malicious software that encrypted some of the identified servers appears to be similar in characteristics to the fact that the objects used APT 29,” Demedyuk said, to recruit or infiltrate their agents into the right company.
Russian authorities have repeatedly denied involvement in attacks on computers in the United States and other Western countries. On Friday, the Russian FSB announced the arrest of hackers from the REvil group, including those suspected of hacking into the servers of the US fuel pipeline Colonial Pipeline. These arrests were made at the request of the US.
Demedyuk is convinced that behind the hacking of sites and the placement of dangerous messages lie more serious actions, which he, however, did not specify. “It was just an opening for more destructive actions that were not taken into account and the consequences of which we will feel in the near future,” he said.
The choice of three languages for Ukraine and the mention of regions, messages where the Ukrainian Insurgent Army was active in the 1940s, according to Demedyuk, was an experienced hacker infected with pulmonary tuberculosis between Kiev and Warsaw. “Of course, they didn’t manage to deceive anyone with this original method,” he said, examining that relations between the six countries are “strengthening day by day.”
Demedyuk suggested that the text of the message in Polish was translated through Google Translate.
What is known about the group “UNC1151”
Earlier, Oleksiy Danilov, a member of the Ukrainian National Security and Defense Council, said in an interview with the British Sky News channel that “the secretary with a 99.9% probability” was involved in the attack by Russia. U.S. Deputy Secretary of State Victoria Nuland said on Saturday that the cyberattack was consistent with tactics already practiced by Moscow.
“I can just say that this is part of a scheme that has been tried in Russia, as you know, around the world,” Nuland said in an interview with the Financial Times.
Meanwhile, Western experts are now talking about a direct link between “UNC1151” and the borders of Belarus. In particular, a November report by the American cybersecurity agency Mandiant confidently stated that this group controls the Belarusian armed forces.
According to Mandiant, it was “UNC1151” that was behind the hacker campaign known to Western intelligence agencies as Ghostwriter. It was directed against Western targets and involved hacks, sending phishing messages and spreading propaganda.
As Wired wrote, citing Mandiant, during the Ghostwriter campaign the group engaged in “spreading fake news stories and even hacking real news websites and posting false content on them.” “It also instigated the hacking of government officials’ social media accounts to blackmail and publish disinformation,” Lithuania, Latvia and Germany wrote.
At the same time, Mandiant experts do not exclude the connection of “UNC1151” with similar circular structures, since the interests of Russia and Europe are largely the same. They also found that their tactics, techniques and procedures (TTP is a term used by cybersecurity professionals) were repeated on many occasions.
“Given the close relationship between the two meetings, their collaboration seems possible,” Mandiant said in the analysis. [in the work of “UNC1151”] government of Russia.