According to a senior Ukrainian security official, a hacker group affiliated with Belarusian intelligence carried out a cyberattack that this week hit Ukrainian government websites, using malware similar to that of a group associated with Russian intelligence.
Serhiy Demedyuk, deputy secretary of the National Security and Defense Council, told Reuters that Ukraine blamed Friday’s attack — which violated government websites with threatening messages — on a group known as UNC1151 and that it was a cover for more destructive actions. behind the scenes.
“We believe for now that the group UNC1151 may be involved in this attack,” he said.
His comments provide Kiev’s first detailed analysis of the suspected perpetrators behind the cyber attack on dozens of websites. Officials said on Friday that Russia was likely involved, but did not provide details. Belarus is a close ally of Russia.
The cyber attack is splashing websites with a warning to “be afraid and expect the worst” at a time when Russia has gathered troops near Ukraine’s borders, and Kiev and Washington fear Moscow is planning another military strike on Ukraine.
Russia has dismissed such fears as “unfounded”.
Belarusian President Alexander Lukashenko’s office did not immediately respond to a request for comment on Demedyuk’s comments.
The Russian Foreign Ministry also did not immediately respond to a request for comment on his comments. It has previously denied involvement in cyber attacks, including against Ukraine.
“The damage to the sites was just a cover for more destructive actions that took place behind the scenes and the effects of which we will feel in the near future,” Demedyuk said in written comments.
Referring to UNC1151, he said, “This is a cyber-espionage group affiliated with the Special Services of the Republic of Belarus.”
Demedyuk, who was formerly the head of Ukraine’s cyber police, said the group had a track record of attacking Lithuania, Latvia, Poland and Ukraine and had spread stories denouncing the NATO alliance’s presence in Europe.
“The malicious software used to encrypt some government servers is very similar in characteristics to that of the ATP-29 group,” he said, referring to a group suspected of involvement in hacking the Democratic National Committee before the Democratic National Committee. 2016 United States presidential election.
“The group specializes in cyber espionage, which is affiliated with the Russian Special Services (Foreign Intelligence Service of the Russian Federation) and which resorts for its attacks to recruiting or undercover work of its insiders in the right company,” Demedyuk said.
The messages left on the Ukrainian websites on Friday were in three languages: Ukrainian, Russian and Polish. They referred to Volhynia and Eastern Galicia, where mass killings were committed in Nazi-occupied Poland by the Ukrainian Insurgent Army (UPA). The episode remains a point of contention between Poland and Ukraine.
Demedyuk suggested that the hackers had used Google Translate for the Polish translation.
“Obviously they have failed to mislead anyone with this primitive method, yet this is proof that the attackers ‘played’ on Polish-Ukrainian relations (which are only getting stronger every day),” he said. .
© Thomson Reuters 2022
Check out the latest from the Consumer Electronics Show on Gadgets 360, at our CES 2022 hub.