Ukrainian cybersecurity officials have warned that Belarusian state-sponsored hackers are targeting the private email addresses of Ukrainian military personnel.
Ukraine’s (CERT-UA) said that a mass phishing campaign is targeting the private i.ua and meta.ua accounts belonging to Ukrainian military personnel.
After the account is compromised, the attackers, by the IMAP protocol, get access to all the messages, Later the attackers use contact details from the victim’s address book to send the phishing emails.
CERT-UA has attributed the ongoing campaign to the UNC1151 threat group, which Mandiant formally linked to the Belarusian government in November 2021. Mandiant also linked the state-backed cyber-espionage group to the Ghostwriter disinformation campaign, which has been involved in spreading anti-NATO rhetoric and hack-and-leak operations throughout Europe.
The Kyiv government also believes the UNC1151 group was behind the cyberattack that brought down Ukrainian government websites last week. Ukraine’s security services said that more than 70 state websites were attacked during the incident, 10 of which were subjected to unauthorized interference.
These actions by UNC1151, which we believe is linked to the Belarusian military, are concerning because personal data of Ukrainian citizens and military can be exploited in an occupation scenario and UNC1151 has used its intrusions to facilitate the Ghostwriter information operations campaign.
Ghostwriter has previously targeted the NATO alliance, seeking to erode support for the organization.