EXCLUSIVE Ukraine suspects group linked to Belarusian intelligence services over cyberattack

A laptop screen shows a warning message in Ukrainian, Russian and Polish, which appeared on the official website of Ukraine’s Foreign Ministry after a massive cyberattack, in this illustration taken January 14, 2022. REUTERS/Valentin Ogirenko/Illustration


  • Ukrainian government websites were hit by a cyberattack
  • Russia has massed troops near Ukraine’s borders
  • The United States held security talks with Russia this week

KYIV, Jan 15 (Reuters) – Kiev believes a group of hackers linked to Belarusian intelligence services carried out a cyberattack that hit Ukrainian government websites this week and used malware similar to that used by a group linked to Russian intelligence, a senior Ukrainian security official said.

Serhiy Demedyuk, deputy secretary of the National Security and Defense Council, told Reuters that Ukraine blamed Friday’s attack – which defaced government websites with threatening messages – on a group known as UNC1151 and that it was a cover for more destructive actions behind the scenes.

“We have a preliminary belief that the UNC1151 group may be involved in this attack,” he said.


His comments offer Kiev’s first detailed analysis of the alleged culprits of the cyberattack on dozens of websites. On Friday, officials said Russia was likely involved but gave no details. Belarus is a close ally of Russia.

The cyber attack splashed websites with a warning to ‘be afraid and expect the worst’ at a time when Russia has massed troops near Ukraine’s borders, and Kiev and Washington fear Moscow is planning a new military assault on Ukraine.

Russia called these fears “unfounded”.

Belarusian President Alexander Lukashenko’s office did not immediately respond to a request for comment on Demedyuk’s remarks.

The Russian Foreign Ministry also did not immediately respond to a request for comment on his remarks. It has previously denied any involvement in cyberattacks, including against Ukraine.

“The degradation of the sites was just a cover for more destructive actions that were happening behind the scenes and the consequences of which we will feel in the near future,” Demedyuk said in written comments.

In a reference to UNC1151, he said: “This is a cyber-espionage group affiliated with the special services of the Republic of Belarus.”


Demedyuk, who was head of Ukraine’s cyberpolice, said the group used to target Lithuania, Latvia, Poland and Ukraine and spread stories denouncing the presence of the NATO alliance in Europe.

“The malware used to encrypt some government servers is very similar in characteristics to that used by the ATP-29 group,” he said, referring to a group suspected of being involved in the Democratic National Committee hack ahead of the 2016 US presidential election.

“The group specializes in cyber espionage, which is associated with the Russian special services (Foreign Intelligence Service of the Russian Federation) and which, for its attacks, resorts to the recruitment or infiltration work of its insiders in the right company,” said Demedyuk.

Messages left Friday on Ukrainian sites were in three languages: Ukrainian, Russian and Polish. They referred to Volhynia and Eastern Galicia, where massacres were carried out in Nazi Germany-occupied Poland by the Ukrainian Insurgent Army (UPA). The episode remains a point of contention between Poland and Ukraine.

Demedyuk suggested the hackers used Google Translate for the Polish translation.

“It is obvious that they did not manage to deceive anyone with this primitive method, but it remains proof that the attackers ‘played’ on Polish-Ukrainian relations (which are only getting stronger every day),” he said.


Additional reporting by Andrey Ostroukh in Moscow; Written by Matthias Williams, edited by Timothy Heritage
