UNC1151

Ukraine government officials suspect Belarusian threat actor UNC1151 of conducting a cyberattack targeting over 70 government websites on January 14. Hackers defaced the websites, posting threatening messages including “be afraid and expect the worst,” in advance of Russian troops crossing the border into Ukraine. The attack is suspected to have been a distraction from more destructive attacks.

On March 7, UNC1151 was detected installing a publicly available backdoor, MicroBackdoor, onto Ukrainian government systems. The attack vector and exact agencies targeted remain unknown.

UNC1151 was also detected in early March launching a phishing campaign against the Ukrainian and Polish governments and militaries, although it is unclear if they managed to penetrate any networks.