By Raphael Satter
LONDON (Reuters) – Ukrainian cybersecurity officials say hackers from neighbouring Belarus are targeting the private email addresses of Ukrainian military personnel “and related individuals”.
In an announcement posted to Facebook, Ukraine’s Computer Emergency Response Team (CERT) said the hackers were using password-stealing emails to break into Ukrainian soldiers’ email accounts and using the compromised address books to send further malicious messages.
The CERT blamed a group code-named “UNC1151” for the hacking, identifying its members as Minsk-based officers of the Belarusian military.
Belarus’ Embassy in London did not immediately return a message seeking comment.
Ukraine has been buffeted by digital intrusions and denial-of-service actions both in the run-up to and during the Russian invasion which began on Thursday. Belarus has offered its territory as a launchpad for Russian forces, allowing Moscow’s forces to rapidly push toward Ukraine’s capital Kyiv.
Western cybersecurity researchers have increasingly seen signs that Belarus and Russia could be coordinating their malicious activities in cyberspace.
Benjamin Read, a director with U.S. cybersecurity firm Mandiant, said he reviewed Ukraine’s new cybersecurity alert and concluded it showed hacking by a Belarus-linked hacking group, code-named UNC1151.
“These actions by UNC1151, which we believe is linked to the Belarussian military, are concerning because personal data of Ukrainian citizens and military can be exploited in an occupation scenario,” Read said in a statement.
UNC1151 is known, Read explained, for stealing and then leaking sensitive information to influence public opinion. They have “previously targeted the NATO alliance, seeking to erode support for the organization.”
(Reporting by Raphael Satter; editing by John Stonestreet, Tomasz Janowski and Jonathan Oatis)