U.S. Cybersecurity Researchers Link Belarusian Government To
Hacking, Disinformation Campaign
November 17, 2021
U.S. cybersecurity researchers say they have uncovered evidence that
the Belarusian government is linked to a hacking and disinformation
campaign against Eastern European NATO members.
Researchers with the cybersecurity firm Mandiant said in a report
issued on November 16 that the campaign, known as Ghostwriter, was
primarily aimed at sowing discord and stealing information.
The researchers said they assessed that the hacking group, which it
calls UNC1151, is linked to the Belarusian government, and the group
provides technical support to the Ghostwriter campaign.
"This assessment, along with observed Ghostwriter narratives
consistent with Belarusian government interests, causes us to assess
with moderate confidence that Belarus is also likely at least
partially responsible for the Ghostwriter campaign," Mandiant said
in its report.
Mandiant has tracked UNC1151 since 2017 and issues periodic updates
on its activity. The most recent report appears to mark the first
time Belarus has been linked to the Ghostwriter campaign.
European Union members have previously said they suspected Russian
involvement in Ghostwriter. The Mandiant report said it had no
direct proof of Russian participation but didn't rule it out.
Germany's prosecutor-general in September opened investigations into
cyberattacks targeting German politicians, and the German Foreign
Ministry blamed them on Moscow.
The Belarusian government did not immediately respond to a request
for comment, according to the AP. The Russian Embassy in Washington
did not respond to a request for comment from RFE/RL but told AP it
had no immediate comment. Russian officials regularly reject
accusations they are involved in hacking and disinformation
Ben Read, director of cyberespionage analysis at Mandiant, would not
provide details on why Mandiant is highly confident Belarus
technically assisted the hackers and why it says they are likely
located in Minsk, according to AP.
He said only that they left telltale digital footprints and that
multiple other sources corroborated Mandiant's findings that the
hackers likely were located in Minsk.
The report also said researchers believe Belarus's military is
involved with the hackers. The reports says the evidence of this has
been "directly observed by Mandiant."
The main targets of the hacking and disinformation campaign have
been NATO members Poland, Lithuania, and Latvia, as well as Ukraine.
targeted were domestic news media and political opponents of
Belarusian strongman Alyaksandr Lukashenka prior to the disputed
August 2020 election that the opposition and Western governments
have said was rigged.
The report notes that since the elections, Ghostwriter
disinformation operations have been more closely aligned to
Lukashenka's political agenda, attempting in particular to create
tensions in Polish-Lithuanian relations.
Among the false narratives disseminated were false claims that NATO
was planning to withdraw from Lithuania in response to the COVID-19
pandemic and that nuclear waste from Lithuania was threatening
Mandiant's findings come as the European Union prepares new
sanctions against Belarus over a migrant crisis on its border with
Poland, Latvia, and Lithuania.