Friday’s cyberattack targeting Ukrainian government agencies was carried out by a group linked to Belarusian intelligence services – and not by Russians, as originally claimed – according to a senior Kiev security official.
"Our preliminary belief is that the group UNC1151 may be involved in this attack," the deputy secretary of Ukraine’s National Security and Defense Council, Sergey Demedyuk, said in a written comment to Reuters.
The “cyber-espionage group” in question is understood to be “affiliated with the special services of the Republic of Belarus,” according to the official.
The strike against the government’s websites “was just a cover for more destructive actions” which took place “behind the scenes,” Demedyuk said. He did not offer any further details, only suggesting that the “consequences” of the move will be felt “in the near future.”
According to Demedyuk, UNC1151 has had a “track record” of targeting numerous countries. He claimed that the malicious software used in the attack was “very similar” to the one used by ATP-29 – the group often referred to as “Cozy Bear.” ATP-29, along with “Fancy Bear” hackers, has been blamed by American media for compromising the Democratic National Committee’s computers ahead of the 2016 US presidential election.
Demedyuk added that the “cyber espionage” tactics of the group have been “associated with the Russian special services (Foreign Intelligence Service of the Russian Federation).”
Notably, he appears to be the first Ukrainian official who has publicly confirmed that the attack was not carried out by a Russian group.
Another senior Ukrainian figure, the secretary of the National Security and Defense Council, Alexey Danilov, previously alleged in an interview with Britain’s Sky News that he was “99.9% sure” Moscow was behind the hack.