EXCLUSIVE Ukraine suspects group linked to Belarus intelligence over cyberattack

A laptop screen shows a warning message in Ukrainian, Russian and Polish, which appeared on the official website of the Ukrainian Ministry of Foreign Affairs after a massive cyberattack, in this image taken on Jan. 14, 2022. REUTERS/Valentyn Ogirenko/Illustration

  • Ukrainian government websites hit by cyber attack
  • Russia has gathered troops near Ukraine’s borders
  • US held security talks with Russia this week

Kiev, Jan. 15 (Reuters) – Kiev believes a hacker group linked to Belarusian intelligence this week carried out a cyber attack that hit Ukrainian government websites and used malware similar to that of a group linked to Russian intelligence, a senior Ukrainian security official said.

Serhiy Demedyuk, deputy secretary of the National Security and Defense Council, told Reuters that Ukraine blamed Friday’s attack, which defaced government websites with threatening messages, on a group known as UNC1151 and that it was a cover for more destructive actions behind the scenes.

“We believe for now that the group UNC1151 may be involved in this attack,” he said.

His comments provide Kiev’s first detailed analysis of the suspected perpetrators behind the cyber attack on dozens of websites. Officials said on Friday that Russia was likely involved, but did not provide details. Belarus is a close ally of Russia.

The cyber attack splashed websites with a warning to “be afraid and expect the worst” at a time when Russia has gathered troops near Ukraine’s borders, and Kiev and Washington fear Moscow is planning another military strike on Ukraine.

Russia has dismissed such fears as “unfounded”.

Belarusian President Alexander Lukashenko’s office did not immediately respond to a request for comment on Demedyuk’s comments.

The Russian Foreign Ministry also did not immediately respond to a request for comment on his comments. It has previously denied involvement in cyber attacks, including against Ukraine.

“The damage to the sites was just a cover for more destructive actions that took place behind the scenes and the effects of which we will feel in the near future,” Demedyuk said in written comments.

Referring to UNC1151, he said, “This is a cyber-espionage group affiliated with the Special Services of the Republic of Belarus.”


Demedyuk, who was formerly the head of Ukraine’s cyber police, said the group had a track record of attacking Lithuania, Latvia, Poland and Ukraine and had spread stories denouncing the NATO alliance’s presence in Europe.

“The malicious software used to encrypt some government servers is very similar in characteristics to that of the ATP-29 group,” he said, referring to a group suspected of involvement in hacking the Democratic National Committee before the 2016 United States presidential election.

“The group specializes in cyber espionage, which is affiliated with the Russian Special Services (Foreign Intelligence Service of the Russian Federation) and which resorts for its attacks to recruiting or undercover work of its insiders in the right company,” Demedyuk said.

The messages left on the Ukrainian websites on Friday were in three languages: Ukrainian, Russian and Polish. They referred to Volhynia and Eastern Galicia, where mass killings were committed in Nazi-occupied Poland by the Ukrainian Insurgent Army (UPA). The episode remains a point of contention between Poland and Ukraine.

Demedyuk suggested that the hackers had used Google Translate for the Polish translation.

“Obviously they have failed to mislead anyone with this primitive method, yet this is proof that the attackers ‘played’ on Polish-Ukrainian relations (which are only getting stronger every day),” he said.

Additional reporting by Andrey Ostroukh in Moscow; Writing by Matthias Williams, editing by Timothy Heritage
