Cybersecurity News in Asia

Features
- Featured
  
  How to talk to your board and C-suite about cyber-preparedness
  
  Thursday, June 1, 2023, 11:33 AM Asia/Singapore | Features, Newsletter, Tips
- Featured
  
  Ransomware trends APAC organizations should be mindful of
  
  Tuesday, May 30, 2023, 2:02 PM Asia/Singapore | Features, Malware & Ransomware
- Featured
  
  Generative AI – the cybercriminal’s latest tool of terror?
  
  Tuesday, May 23, 2023, 11:20 AM Asia/Singapore | Features
News
- Featured
  
  Automation and AI increase bot attack sophistication, evasiveness
  
  Thursday, June 1, 2023, 2:45 PM Asia/Singapore | Cyberthreat Landscape, News, Newsletter
- Featured
  
  Research sheds light on Cryptor-as-a-Service in the Dark Web
  
  Tuesday, May 30, 2023, 10:33 AM Asia/Singapore | News, Newsletter
- Featured
  
  Take a peek at ransomware victims’ failure points
  
  Tuesday, May 30, 2023, 10:13 AM Asia/Singapore | Malware & Ransomware, News, Newsletter
Opinions
Tips
Whitepapers
Awards 2022
Directory
E-Learning

News

Belarusian intelligence likely behind Ukrainian government website cyberattacks

By CybersecAsia editors | Tuesday, January 18, 2022, 2:12 PM Asia/Singapore

Organizations in Eastern Europe should proactively tighten their defenses in case they get caught in the mounting cyber-political cross-fire.

Last week, Ukrainian government websites were hit by a cyberattack wherein a warning “be afraid and expect the worst” was splashed across the pages.

The Ukraine suspects UNC1151 (a group linked to Belarus intelligence) to be tied to this cyber-campaign timed to cause fear and confusion at a time of political tension with Russia.

One cybersecurity expert who has been tracking UNC1151 (also known as Ghostwriter) since 2019 has commented that the group is active in Eastern Europe targeting NATO states and carrying out activity consistent with the interests of Belarus and Russia.

Said John Hultquist, VP of Intelligence Analysis, Mandiant: “Like the Ukraine, we have attributed the group to Belarus based on available evidence, but others have indicated they have ties to Russia. We believe these ties are likely and they are consistent with the group’s behavior. Ghostwriter regularly targets CMS systems as part of their operations. Typically, they target these systems to plant fabricated media stories and other content on the websites of real media outlets and other organizations. They have also previously conducted operations designed to sow division between Ukraine and Poland. This is notable because the defacements were designed to look as if they came from Polish nationalists.”

According to Ukraine deputy secretary of the national security and defence council, Serhiy Demedyuk, the cyberattack was a cover for a slew of other destructive Russian intentions and actions. Hultquist was unsurprised by this public comment, commenting: “We are very concerned that destructive attacks will be leveraged against a variety of targets in this crisis.”

Mandiant is recommending organizations in the affected regions to harden their cyber defenses proactively through measures such as recovery and reconstitution planning; network segmentation and egress restrictions, among other credential protections and network visibility protocols.