Belarusian Spearphishing Campaign Targets Ukraine Military

Hacktivist Group Breaches Belarusian Weapons Manufacturer

Ukraine's Computer Emergency Response Team is warning of a massive spearphishing campaign targeting personal accounts of Ukrainian military personnel and related individuals. CERT-UA attributes the activities to the UNC1151 group, which consists of officials from the Ministry of Defense of the Republic of Belarus.

"Large-scale spearphishing campaigns have recently been observed targeting the private 'i.ua' and 'meta.ua' accounts of Ukrainian military personnel and related individuals. After the account was compromised, all messages were sent to attackers by the IMAP protocol. Later, attackers use contact details from the victim's address book to send phishing emails," Ukraine's computer emergency response team said in a statement on Facebook.

The agency issued a follow-up statement attributing these activities to the Minsk-based group UNC1151, also known as Ghostwriter.

UNC1151 is a state-sponsored cyber espionage actor engaging in credential harvesting and malware campaigns (see: 'Ghostwriter' propaganda campaign targeting NATO allies).

In a statement to ISMG, security firm Mandiant confirmed that "the domains mentioned in the CERT.UA Facebook post are due to UNC1151."

Mandiant director Ben Read said the activity matches the historical pattern of efforts targeting the Ukrainian military over the past two years (see: Destructive Malware Discovered Targeting Ukrainian Systems).

"UNC1151 is at play," tweeted John Hultquist, vice president of intelligence analysis at Mandiant. "Beware of hacks and leaks, fake documents and content, and information placed on real media sites. Maybe something designed to demean the support of the Ukrainian military or to suggest a rift within and within the NATO alliance."

Exposing arms dealer

Hacktivist collective 'Anonymous' and the international Pwn-Bär hack team claim they have successfully breached Belarusian arms manufacturer Tetraedr after declaring cyber war against Russia and its allies. The hacktivists also uncovered over 200GB of email from the manufacturer.

The group says it stands for unrestricted access to information and announced the launch of #OpCyberBullyPutin, ridiculing Russia and CIS countries for their lack of preparedness for cyber warfare.

"Tetraedr is a scientific and industrial private unitary enterprise specializing in the development and manufacture of advanced radio-electronic weapons systems, the development and manufacture of hardware and software used in radar and radio electronic control assets, and the upgrade of air defense missile systems," the group says.

The group of hacktivists says weapons manufacturer Tetraedr did not patch ProxyLogon in 2022, enabling the Pwn-Bär team to hack them and copy their mailpool.

Meanwhile, the Ukrainian Defense Ministry has reportedly issued a call for Ukrainian hackers to protect their networks and potentially tap into Russian infrastructure (see: Ukraine Allegedly Calls for Volunteer Cyber Warriors).

According to Reuters, the country is looking to its underground to field a team of digital volunteers to serve as a line of Ukrainian defense, including spying on Russian soldiers. Sign-up requests reportedly started circulating on Thursday.

"Ukrainian cyber community! It's time to join the cyber defense of our country," the report says. It reportedly urges hackers to submit applications via Google Docs and to disclose any background in malware development.

The report said the teams would be divided between "defensive", which involves protecting critical infrastructure, and "offensive", which involves supporting the Ukrainian military in digital espionage. Reuters wrote that organizers have already received hundreds of applications that they are now reviewing, specifically for potential Russian agents.

The post was reportedly written by Yegor Aushev, co-founder of cyber security company Cyber Unit Technologies, which has a contract with the Ukrainian government. Aushev reportedly said the request came from the country's defense ministry, although the ministry did not confirm the move in initial media reports.
