Pavel Polityuk

KYIV (Reuters) – Kyiv believes a hacker group linked to Belarusian intelligence carried out a cyberattack https://www.reuters.com/world/europe/expect-worst-ukraine-hit-by-cyberattack-russia-moves-more-troops-2022-01-14 that hit Ukrainian government websites this week and used malware similar to that used by a group tied to Russian intelligence, a senior Ukrainian security official said.

SerhiyDemedyuk was the deputy secretary for the national defense and security council. He told Reuters that Ukraine had attacked government websites Friday with threatening messages and blamed it on UNC1151 and used the attack as cover to carry out more destructive actions.

He provided the Kyiv’s first comprehensive analysis of the suspects responsible for the attack on multiple websites. Although Russian officials indicated that Russia is likely to be involved, they did not provide any details. Belarus is an ally to Russia.

The cyberattack splashed websites with a warning to “be afraid and expect the worst” at a time when Russia has massed troops https://www.reuters.com/world/europe/ukraine-crisis-what-next-after-week-talks-tension-2022-01-14 near Ukraine’s borders, and Kyiv and Washington fear Moscow is planning a new military assault on Ukraine.

Russia dismissed the fears of such a famine as “unfounded”.

Alexander Lukashenko’s office did not respond immediately to our request for comments about Demedyuk’s remarks.

Russia’s foreign minister did not immediately reply to my request for comment. Russia has repeatedly denied being involved in cyberattacks including those against Ukraine.

Demedyuk stated in writing that “the defacement of these sites was only a cover to more destructive actions behind the scenes, the consequences of which will be felt in the near future.”

He made a mention of UNC1151 and said that “this is a cyber-espionage network affiliated with special services of Belarus.”

‘TRACK RECORD’

Demedyuk used to head Ukraine’s cyber-police and claimed that they had a history of attacking Lithuania, Latvia, Poland and Ukraine. They also spread stories decrying NATO’s presence in Europe.

His statement was in reference to a suspected group that hack the Democratic National Committee prior to the 2016 U.S. Presidential election.

Demedyuk stated that the group is specialized in cyber espionage and was associated with the Russian Special Services (Foreign Intelligence Service of the Russian Federation). The attackers use the undercover or recruiting work of their insiders within the company to accomplish this.

On Friday, messages were left in Ukrainian, Russian, and Polish on three different websites. These messages referred to Volhynia as well Eastern Galicia where massive killings took place in Nazi-occupied Poland under the control of the Ukrainian Insurgent Army. This episode is still a source of dispute between Ukraine and Poland.

Demedyuk stated that hackers may have used Google Translate (NASDAQ 🙂 Translate to translate the Polish text.

“It’s obvious that they failed to fool anyone with this primitive technique, but this is still evidence that the attackers played on the Polish-Ukrainian Relations (which only get stronger by the day),” he stated.