The group has not targeted Russian or Belarusian state entities. Additionally, in several cases, individuals targeted by UNC1151 before the 2020 Belarusian election were later arrested by the Belarusian government. UNC1151 has targeted media entities in Lithuania, Poland, Ukraine, and Latvia, but we have not seen similar targeting of opposition leaders or domestic political activists in these countries. UNC1151 targeted multiple Belarusian media entities and several members of the political opposition in Belarus in the year before the 2020 Belarusian election. Though most of the activity was targeting Ukraine, some targeted Lithuania and Poland. Multiple significant intrusions into Ukrainian government entities have been conducted by UNC1151. Malware based intrusions have also focused on Eastern Europe. This has included regional webmail providers, national and local governments, and private businesses. Outside of the major American companies that are used worldwide (Facebook, Google, Twitter), most spoofed organizations have been in the five countries listed above. Since at least 2016, UNC1151 has registered credential theft domains that spoof legitimate websites to steal victim credentials. In addition to the targeting scope, UNC1151 operations have focused on obtaining confidential information and no monetization efforts have been uncovered. While there are multiple intelligence services that are interested in these countries, the specific targeting scope is most consistent with Belarusian interests. The targeting also includes Belarusian dissidents, media entities, and journalists. UNC1151 has targeted a wide variety of governmental and private sector entities, with a focus in Ukraine, Lithuania, Latvia, Poland, and Germany. 
Cyber Espionage Targeting Most Closely Aligns with Belarusian Government Interests
However, at this time, we have not uncovered direct evidence of such contributions. We cannot rule out Russian contributions to either UNC1151 or Ghostwriter. In April 2021, we released a public report detailing our high-confidence assessment that UNC1151 provides technical support to the Ghostwriter information operations campaign this assessment, along with observed Ghostwriter narratives consistent with Belarusian government interests, causes us to assess with moderate confidence that Belarus is also likely at least partially responsible for the Ghostwriter campaign. This assessment is based on technical and geopolitical indicators.
Mandiant Threat Intelligence assesses with high confidence that UNC1151 is linked to the Belarusian government. Create a Free Mandiant Advantage Account.
0 kommentar(er)
