Report implicates Belarus in anti-NATO cybercampaign


BOSTON (AP) – Cybersecurity researchers say they have uncovered evidence that Belarus has been involved in a hybrid campaign of hacking and disinformation against NATO members in Eastern Europe since 2016 that was aimed at sowing discord in the military alliance, stealing confidential information and spying on dissidents.

Tuesday’s report by prominent US cybersecurity firm Mandiant appears to mark the first time Belarus has been blamed in the campaign known as Ghostwriter. Members of the European Union said they suspected the involvement of Russia, a close ally of Belarus, and Poland directly accused Moscow of hacking government officials’ emails and leaking them online.

While Mandiant said it had compelling forensic evidence that Belarus was involved in the hack – the targets of which also included German lawmakers – it said it had no direct evidence of Russian involvement, although it does not rule that out and attribution of cyber operations can be difficult.

The Belarusian government did not immediately respond to a request for comment. A press secretary at the Russian Embassy in Washington did not immediately comment on Russia’s alleged involvement in Ghostwriter. Russian officials routinely reject accusations that they are involved in hacking and disinformation activities.

Mandiant is one of the most cautious and respected practitioners of cyber detective work. It works closely with Western law enforcement and intelligence agencies and has closely followed Ghostwriter’s activity and issued periodic updates.

Its director of cyber espionage analysis, Ben Read, did not elaborate on why Mandiant is very confident that the Belarusian government has technically aided the hackers and why he says they are likely located in Minsk, the country’s capital. He only said that they left revealing digital footprints and that several other sources corroborated Mandiant’s findings. He also did not explain why researchers believe the Belarusian military is also involved with the hackers, whom Mandiant calls UNC1151, refusing to release the information to protect sources and methods.

The main targets of the hacking and disinformation campaign have been Poland, Lithuania and Latvia, NATO members on the eastern edge of the alliance, as well as Ukraine, which has been in a low-intensity military conflict with Russia-backed separatists since 2014.

But national media and political opponents of Belarusian strongman Aleksander Lukashenko, an ally of Moscow, were also targeted ahead of the 2020 elections. He is accused of rigging his re-election, which sparked massive street protests that his security forces violently repressed. Some of those opponents were later arrested, Mandiant said.

Mandiant’s findings come as the European Union has imposed new sanctions on Belarusians for triggering a crisis on its border with Poland, Latvia and Lithuania by encouraging thousands of migrants from Iraq, Syria and elsewhere in the Middle East to congregate at the border in search of a way into the European Union.

Analysts believe Lukashenko is taking revenge for previous EU sanctions imposed over his alleged electoral rigging and acting on his anger at Poland for giving dissidents political refuge.

In September, Germany accused Russia of attempting to steal data from state and federal lawmakers ahead of the September 26 parliamentary election through a hacking campaign it attributed to Ghostwriter. Whether or not information was stolen during this campaign or access to sensitive computer networks was gained, there is no evidence to date that it is being used as a political weapon, Mandiant’s Read said.

The disinformation efforts carried out for years by Ghostwriter were aimed primarily at discrediting NATO and undermining regional security in Lithuania, Latvia and Poland. False stories have been spread through hacks of legitimate media, government websites and scam emails.

In one case, it was claimed that NATO was planning to withdraw from Lithuania in response to the COVID-19 pandemic. Another false report claimed that German soldiers had desecrated a Jewish cemetery in that country. In another operation, a fabricated letter posted on a website of a Polish military academy called on Polish troops to resist “the American occupation”.

Since the disputed August 2020 elections in Belarus, Ghostwriter’s operations have been more closely aligned with Lukashenko’s political agenda, in particular attempting to create tensions in Polish-Lithuanian relations.

In March, two Polish government websites were hacked and used to briefly broadcast a false claim that nuclear waste from Lithuania threatened Poland. On August 17, a falsified press article alleging that migrants who escaped from a detention center murdered a Polish priest was published on the website of the Lithuanian municipality of Prienai, whose mayor was quoted in local media as saying the site had been hacked, Mandiant said.

While most of the UNC1151 hacks targeted Belarus’s neighbors, some were carried out against countries with no obvious connection to it, Mandiant noted. This includes phishing emails sent in 2019 to the Colombian, Irish and Swiss governments, it said.

