Ukraine suspects hacker group linked to Belarusian intelligence behind recent cyber attack

17 January 2022, 04:10 PM

Kyiv believes that a hacker group linked to Belarusian intelligence carried out a massive cyber attack that hit Ukrainian government websites last week, the Reuters news agency reported on Jan. 15, citing Deputy Secretary of the National Security and Defense Council of Ukraine Serhiy Demedyuk.

The hackers vandalized multiple websites belonging to Ukrainian government bodies and ministries overnight on Jan. 14, with the websites of the Ministry of Education, the Ministry of Foreign Affairs, the Diia portal (an e-government app), and others having had their usual content replaced with a threatening message.


Demedyuk said Ukraine blamed Friday’s attack on a group known as UNC1151, and that it was cover for more destructive actions behind the scenes. The hackers also installed malware in government systems similar to that used by a group tied to Russian intelligence, he said.

Demedyuk, who used to head Ukraine’s cyber police, said the UNC1151 group had a track record of targeting Lithuania, Latvia, Poland, and Ukraine, and had spread narratives decrying NATO.

“The defacement of the sites was just a cover for more destructive actions that were taking place behind the scenes and the consequences of which we will feel in the near future,” Demedyuk said in written comments.

“The group specializes in cyber espionage, which is associated with the Russian special services (Foreign Intelligence Service of the Russian Federation) and which, for its attacks, resorts to recruiting or undercover work of its insiders in the right company,” Demedyuk said.

He pointed out that the malware installed on some government servers was very similar in its characteristics to that used by the APT-29 group, a Russian group suspected of involvement in hacking the Democratic National Committee before the 2016 United States presidential election.

The official recalled that the messages left on the Ukrainian websites on Friday referred to Volhynia and Eastern Galicia, where mass killings were carried out in Nazi German-occupied Poland by the Ukrainian Insurgent Army (UPA). The episode remains a point of contention between Poland and Ukraine.

The messages were in three languages: Ukrainian, Russian and Polish. However, the hackers had used Google Translate for the Polish translation, Demedyuk said, echoing earlier statements on the attack by the Polish government.

“It is obvious that they did not succeed in misleading anyone with this primitive method, but still this is evidence that the attackers ‘played’ on Polish-Ukrainian relations (which are only getting stronger every day),” he said.

Earlier, Oleksiy Danilov, the secretary of Ukraine’s Security and Defense Council, told the UK television channel Sky News that Ukraine is “99.9%” sure Russia was behind a massive cyber-attack against Ukrainian government websites on Friday.

“We can clearly track their signature. These are the Russian specialists who perform these actions,” he said.

The Security Service of Ukraine (SBU) in turn said there are certain signs that hacker groups associated with the Russian special services were involved in the incident.

Ukraine’s State Service of Special Communication and Information Protection said about 70 websites belonging to Ukrainian government bodies and ministries had been affected.

The SBU insisted that no data had been leaked or stolen from state databases.
