Connect with us

Hi, what are you looking for?


Ukraine links Belarusian hackers to phishing targeting its military

The Computer Emergency Response Team of Ukraine (CERT-UA) warned today of a spearphishing campaign targeting private email accounts belonging to Ukrainian armed forces personnel.

Accounts compromised in these attacks are then used to send additional phishing messages to contacts in the victims’ address books.

The phishing emails are being sent from two domains (i[.]ua-passport[.]space and id[.]bigmir[.]space), the former trying to impersonate the free Internet portal providing email services to Ukrainians since 2008.

“Mass phishing emails have recently been observed targeting private ‘’ and ‘’ accounts of Ukrainian military personnel and related individuals,” CERT-UA said earlier today.

“After the account is compromised, the attackers, by the IMAP protocol, get access to all the messages. Later, the attackers use contact details from the victim’s address book to send the phishing emails.”

The emails ask the targets to click an embedded link to verify their contact information and avoid having their email accounts permanently suspended.

Attacks linked to Belarusian hacking group

CERT-UA’s report attributes this ongoing phishing campaign to the UNC1151 threat group, linked by Mandiant researchers with high confidence in November 2021 to the Belarusian government and a hacking operation the company tracked as Ghostwriter.

Advertisement. Scroll to continue reading.

Mandiant also found evidence supporting a link between the UNC1151 operators and the Belarusian military, confirming CERT-UA’s assessment that the attackers are actually military cyberspies and officers of the Belarus Ministry of Defense.

“The Minsk-based group ‘UNC1151’ is behind these activities. Its members are officers of the Ministry of Defense of the Republic of Belarus,” CERT-UA added,

Today, the State Service of Special Communications and Information Protection of Ukraine (SSSCIP) also warned Ukrainian citizens of another active phishing campaign targeting them with malicious documents.

“The enemy forces aim to gain access to the electronic devices of Ukrainians to gather a large amount of information,” SSSCIP said,

A separate alert issued by Slovak internet security firm ESET says cybercriminals are also impersonating humanitarian organizations in attempts to scam those who would want to donate to organizations focused on helping Ukraine during the ongoing war started by Russia’s invasion on Thursday morning.

Cyberattacks part of a hybrid warfare campaign

These developments come on the heels of data-wiping attacks against Ukrainian networks, using the HermeticWiper malware and ransomware decoys to destroy data on targets’ devices and render them unbootable.

As Vikram Thakur, Technical Director at Symantec Threat Intelligence, told BleepingComputer, targets that were hit in this week’s wiper attacks also included finance and government contractors from Latvia and Lithuania.

This was the second time since the start of the year that Ukrainian organizations have been hit by data wipers after the destructive WhisperGate malware was deployed in attacks targeting Ukraine disguised as ransomware in January.

The February DDoS and malware attacks that hit Ukrainian networks align with the Security Service (SSU) Ukraine saying just over a week ago that the country is being targeted by a “massive wave of hybrid warfare.”

Advertisement. Scroll to continue reading.

Click to comment

Leave a Reply



A Kemp’s Ridley sea turtle, the world’s rarest and most endangered sea turtle species, recently made the Galveston shoreline its home, laying eggs on...


Firefighters battled an apartment fire in South Hall Monday afternoon, according to authorities. Hall County firefighters were on scene before 5 p.m. Monday, Aug....


The Biden administration will halt the use of a Trump-era policy that forced migrants seeking asylum to remain in Mexico, after a Supreme Court...


Comment on this storyComment PARIS — French environmentalists will try to move a dangerously thin beluga whale that strayed into the Seine River last...

Online Business Success

British-Pakistani member of the House of Lords Aamer Sarfraz. — Photo by author Lord Aamer Sarfraz seeks to end regressive conditions to IMF loans. “We...


GAINESVILLE, Fla. – With the start of the fall semester now drawing near with the arrival of August, members of the Florida baseball program...


You May Also Like


Introductions get a lot of attention. I’ve explored the topic of how to write them even though as a reader, I always skip them....

Online Business Success

The internet is now our nervous system. We are constantly streaming and buying and watching and liking, our brains locked into the global information...

SEO Guide

There are all kinds of pictures of the world on the internet, but to find one of these specific pictures that you want to...

Online Business Success

You can think of link building in many ways. I like to call it tedious, painful, and a test of patience. It’s also necessary...