Ukrainian Troops Targeted in Phishing Attacks by Suspected Belarusian APT

Ukraine's Computer Emergency Response Team calls out UNIC1151 nation-state hacking group out of Belarus as behind the attacks.

Dark Reading Staff, Dark Reading

February 25, 2022

1 Min Read
Dark gloved hands depicting a cybercriminal typing UKRAINE on a keyboard
Source: Znakki via Shutterstock

A fresh wave of phishing attacks targeting the Ukrainian military appears to be the handiwork of the UNC1151 military hacking team out of neighboring nation Belarus, according to the Ukraine Computer Emergency Response Team (CERT).

The email — sent to victims' personal email accounts — attempts to lure the recipient to click on a malicious link that then siphons their email messages and address books to further spread the phishing campaign. UNC1151 traditionally has waged attacks for cyber-espionage purposes, according to Mandiant, and comes at a time of high cyber alert in Ukraine and elsewhere.

"Mass phishing emails have recently been observed targeting private 'i.ua' and 'meta.ua' accounts of Ukrainian military personnel and related individuals. After the account is compromised, the attackers, by the IMAP protocol, get access to all the messages. Later, the attackers use contact details from the victim’s address book to send the phishing emails," the CERT posted on its social media account, according to a report from Reuters.

About the Author

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights