Organizations in Eastern Europe should proactively tighten their defenses in case they get caught in the mounting cyber-political crossfire.
Last week, Ukrainian government websites were hit by a cyberattack in which the warning “be afraid and expect the worst” was splashed across the pages.
Ukraine suspects that UNC1151 (a group linked to Belarus intelligence) is tied to this cyber-campaign, which was timed to cause fear and confusion at a time of political tension with Russia.
One cybersecurity expert who has been tracking UNC1151 (also known as Ghostwriter) since 2019 has commented that the group is active in Eastern Europe, targeting NATO states and carrying out activity consistent with the interests of Belarus and Russia.
Said John Hultquist, VP of Intelligence Analysis, Mandiant: “Like the Ukraine, we have attributed the group to Belarus based on available evidence, but others have indicated they have ties to Russia. We believe these ties are likely and they are consistent with the group’s behavior. Ghostwriter regularly targets CMS systems as part of their operations. Typically, they target these systems to plant fabricated media stories and other content on the websites of real media outlets and other organizations. They have also previously conducted operations designed to sow division between Ukraine and Poland. This is notable because the defacements were designed to look as if they came from Polish nationalists.”
According to Serhiy Demedyuk, deputy secretary of Ukraine's national security and defence council, the cyberattack was a cover for a slew of other destructive Russian intentions and actions. Hultquist was unsurprised by this public comment, saying: “We are very concerned that destructive attacks will be leveraged against a variety of targets in this crisis.”
Mandiant recommends that organizations in the affected regions proactively harden their cyber defenses through measures such as recovery and reconstitution planning, network segmentation and egress restrictions, among other credential protections and network visibility protocols.