THE ASSOCIATED PRESS
Cybersecurity researchers say they have uncovered evidence that Belarus has been involved in a hybrid hacking and disinformation campaign against Eastern European NATO members since 2016 that aimed to sow discord in the military alliance, steal confidential information and spy on dissidents.
The November 2021 report by the prominent U.S. cybersecurity firm Mandiant appears to mark the first time Belarus has been blamed in the campaign known as Ghostwriter.
European Union members have said they suspected involvement by Belarus’ close ally Russia, and Poland has directly accused Moscow of hacking government officials’ emails and leaking them online.
While Mandiant said it had compelling forensic evidence that Belarus was involved in the hacking — whose targets have also included German lawmakers — it said it had no direct proof of Russian participation.
Mandiant is among the most careful and highly respected cyber-sleuthing practitioners. It works closely with Western law enforcement and intelligence agencies and has been closely tracking Ghostwriter activity and issuing periodic updates.
Its director of cyber-espionage analysis, Ben Read, would not detail why Mandiant is highly confident the Belarus government technically assisted the hackers and why it says they are likely located in Minsk, the country’s capital. He said only that they left telltale digital footprints and that multiple other sources corroborated Mandiant’s findings. Nor did he explain why researchers believe Belarus’ military is also involved with the hackers, which Mandiant calls UNC1151, declining to disclose the information to protect sources and methods.
The main targets of the hacking and disinformation campaign have been Latvia, Lithuania and Poland, NATO members on the alliance’s tense eastern edge, as well as Ukraine, which has been in a military conflict with Russia-backed separatists since 2014.
But also targeted were domestic news media and political opponents of Moscow-allied Belarusian strongman Alexander Lukashenko prior to the 2020 election. He is accused of rigging his reelection, which triggered massive street protests that his security forces violently repressed. Some of those opponents were later arrested, Mandiant said.
Mandiant’s findings come as the European Union has slapped new sanctions on Belarus for ginning up a crisis on its border with Poland, Latvia and Lithuania by encouraging thousands of migrants from Iraq, Syria and elsewhere in the Middle East to mass at the frontier seeking a way into the EU.
Analysts believe Lukashenko is taking revenge for previous EU sanctions imposed over his alleged election rigging and his anger over Poland granting dissidents political refuge.
Germany accused Russia in September 2021 of trying to steal data from state and federal lawmakers ahead of September 26, 2021, parliamentary elections through a hacking campaign it attributed to Ghostwriter. If any information was stolen in that campaign or access to sensitive computer networks gained, there is no evidence to date of it being used as a political weapon, Mandiant’s Read said.
Ghostwriter’s yearslong disinformation efforts were primarily focused on trying to discredit NATO and undercut regional security in Latvia, Lithuania and Poland. False narratives were disseminated through hacks of legitimate news outlets, government websites and spoofed emails.
In one instance, it was claimed that NATO was planning to withdraw from Lithuania in response to the COVID-19 pandemic. Another bogus report claimed German Soldiers had desecrated a Jewish cemetery in that country. In another operation, a fabricated letter posted on a Polish military academy website called on Polish troops to resist the “American occupation.”
IMAGE CREDIT: ISTOCK