Ukraine’s government says there is evidence that a hacker group with ties to Belarus’ secret service is behind Friday’s hacking attack. For the attack, the hackers used ransomware previously deployed by Russian intelligence. The government of President Alexander Lukashenko has not yet commented on the allegations.
That is what deputy secretary of the National Security and Defense Council Serhiy Demedyuk told Reuters news agency.
Ukrainian government websites hacked
Last Friday it was announced that several Ukrainian government websites had been shut down by hackers. The following warning appeared on the sites in Ukrainian, Polish and Russian:
“Ukraine! All your personal data has been uploaded to a public network. All data on the computer has been destroyed, it is impossible to recover. All information about you has been made public, be afraid and expect the worst. This is for your past, present and future. For Volyn, OUN, UPA, Galitsia, Polesye and for historic lands.”
The sites were put back online soon after the attack. It also appeared that no personal data or other confidential information had been stolen.
Ukraine: ‘UNC1151 responsible for hacking attacks’
The key question is: who is responsible for this hacking attack? Initially, it was suggested that Russia might be behind it. The government of Russian President Vladimir Putin has denied all allegations and dismissed them as “baseless”.
On Sunday, a different account emerged. Ukrainian government official Demedyuk told Reuters news agency that there are indications that Belarus’ secret service is behind the attack. According to him, the hacker group UNC1151 was urged by the intelligence service to carry out the hacking attacks.
“The taking down of the sites was just a cover for more destructive actions that took place behind the scenes. We will see more of that in the near future,” Demedyuk told Reuters. What he means by “more destructive actions” is unclear.
This is what we know about UNC1151
According to cybersecurity firm Mandiant, UNC1151 is a hacker group that has previously attacked government and private sector targets mainly in Eastern European countries. Countries such as Ukraine, Lithuania, Latvia and Poland have been targeted on more than one occasion. This also applies to dissidents, journalists and independent media in Belarus.
The aim of the members of UNC1151 was to cause as much chaos as possible and to loot confidential information. Making money through extortion was never at the top of the list. The hacker group has been active since at least 2016 and has close ties to the government of President Lukashenko and Russian intelligence services.
According to Demedyuk, the group specializes in cyber espionage. To carry out cyberattacks, members go undercover at the organization they target or recruit employees to do the dirty work.
Microsoft finds ‘destructive malware’
Microsoft reports in a blog post that it has found “destructive malware” on several computer systems of Ukrainian government agencies and organizations. The malware masqueraded as ransomware. Once the attacker remotely enabled the ransomware, the systems crashed completely. “Until now, we have not identified any visible similarities between the unique characteristics of the group behind these attacks and groups we have traditionally tracked. We will continue to analyze the activities,” said Microsoft.
The American hardware and software company says it first became aware of this malware on Thursday, January 13. Microsoft has now built protection against this malware into several of its services. “We see no evidence that these attacks exploit vulnerabilities in Microsoft products and services,” the company said in a statement.