JAKARTA - The Ukrainian government believes a hacking group linked to Belarusian intelligence has carried out a cyberattack that attacked a Ukrainian government website this week. According to a senior Ukrainian security official, they were suspected of using malware similar to that used by groups linked to Russian intelligence.
Serhiy Demedyuk, deputy secretary of Ukraine's national security and defense council, told Reuters that Ukraine blamed Friday's attack - which vandalized a government website with threatening messages - on a group known as UNC1151.
"We believed earlier that the UNC1151 group may have been involved in this attack," Demedyuk said.
His comments offer the first detailed analysis by Kyiv of the alleged perpetrators behind cyber attacks on dozens of websites. Officials on Friday, January 14, said Russia might be involved but gave no further details. Belarus is itself a known close ally of Russia.
The cyberattack briefly splashed websites with warnings to "fear and hope for the worst" at a time when Russia had amassed troops near the Ukrainian border, and Kyiv and Washington feared Moscow was planning a new military offensive in Ukraine.
Russia itself has dismissed such fears as "baseless". The Office of the President of Belarus, Alexander Lukashenko, did not immediately respond to a request for comment on Demedyuk's remarks.
The Russian Foreign Ministry also did not immediately respond to a request for comment on Demedyuk's remarks. They have previously denied involvement in cyber attacks, including against Ukraine.
"Defamation of the site's name is only to cover up the destructive actions that are happening behind the scenes and the consequences that we will feel in the near future," said Demedyuk in his written comments.
In reference to UNC1151, he said: "This is a cyber espionage group affiliated with the special services of the Belarusian Republic."
Demedyuk, who was once the head of Ukraine's cyber police, said the group had a track record of targeting Lithuania, Latvia, Poland and Ukraine and had spread narratives condemning the NATO alliance's presence in Europe.
"The malicious software used to encrypt some government servers is very similar in characteristics to that used by the ATP-29 group," he said, referring to a group suspected of involvement in the hacking of the Democratic National Committee before the 2016 US presidential election.
"This group specializes in cyber espionage, which is linked to the Russian special services (Foreign Intelligence Service of the Russian Federation) and which, for its attacks, uses recruitment or insider disguise in the right companies," Demedyuk said.
The message left on the Ukrainian website last Friday appeared in three languages: Ukrainian, Russian and Polish. They referred to Volhynia and Eastern Galicia, where mass killings were carried out in Nazi-occupied Poland by the Ukrainian Rebel Army (UPA). The episode remains a point of contention between Poland and Ukraine.
Demedyuk suggested the hackers had used Google Translate for the Polish translation.
"It is clear that they did not manage to mislead anyone with these primitive methods, but nonetheless this is evidence that the attackers are 'playing' on Polish-Ukrainian relations (which are getting stronger by the day)," he said.
The English, Chinese, Japanese, Arabic, and French versions are automatically generated by the AI. So there may still be inaccuracies in translating, please always see Indonesian as our main language. (system supported by DigitalSiber.id)