Belarusian state-sponsored hackers are targeting the private email addresses of Ukrainian military personnel amid Russia’s invasion of Ukraine.
Ukraine’s Computer Emergency Response Team (CERT-UA) said in a Facebook post that a mass phishing campaign is targeting the private accounts belonging to Ukrainian military personnel.
“Mass phishing emails have recently been observed targeting private ai.ua’ and ameta.ua’ accounts of Ukrainian military personnel and related individuals,” the CERT-UA said late on Friday.
“After the account is compromised, the attackers, by the IMAP protocol, get access to all the messages. Later, the attackers use contact details from the victim’s address book to send the phishing emails,” it added.
The Minsk-based group called ‘UNC1151’ has been found to be behind these activities. Its members are officers of the Ministry of Defence of the Republic of Belarus.
Cyber-security firm Mandiant earlier linked the group to the Belarusian government in November last year.
The Kiev government said the ‘UNC1151’ group was behind the cyber-attack that brought down Ukrainian government websites last week.
Reports have surfaced that after attacking Ukrainian government websites and banks with massive cyber attacks, Russia-sponsored hackers were now hitting Internet infrastructure in the country to silence the locals amid a full-blown war.
The cyber invasion already cut Internet connectivity in some parts of the country after the invasion began on Thursday.
Outages also affected the Triolan Internet service provider, which services a number of cities and other areas across Ukraine, including Kharkiv.
Russia has previously been linked to DDoS attacks against Ukrainian government sites but a full blackout would mean to disable telecommunications infrastructure at the network level, and silencing Ukrainians in the process.