Attackers rob private data and gain unrestricted remote access to computer systems.
By initiating a number of cyberattacks against governmental organizations, military institutions, and common users in Ukraine and Poland, the new hacker group UNC1151 has increased its activity.
The group’s nefarious operations allegedly started in April 2022 and are still going on, according to the most recent report from Cisco Talos. The main objectives of attackers are to steal private data and get unrestricted remote access to computer systems.
According to Cisco Talos, CERT-UA (Ukraine's Computer Emergency Response Team) has linked the attacks to the UNC1151 group's GhostWriter campaign, which is purportedly connected to the Belarusian government.
The Hackers' Techniques
The attack techniques show a complicated multi-stage infection chain. It starts with malicious Excel and PowerPoint documents that conceal loaders for executable files, along with hard-to-detect malware hidden inside graphics. The government and military institutions of Ukraine and Poland are the primary targets of the cyberattacks.
The hackers use social engineering techniques to pass off fake text and images as genuine. The goal of the social engineering is to persuade victims to enable macros, which lets the attackers start a chain of malicious actions. These efforts apparently targeted Ukrainian and Polish companies as well as ordinary users, who were infected when they opened Excel files that resembled VAT refund forms.
The AgentTesla RAT, Cobalt Strike beacons, and njRAT were among the malware families used in the analyzed attacks. With this malware, the attackers can take remote control of infected devices and steal data. Cisco Talos strongly advises implementing comprehensive security measures to reduce the risk of such cyberattacks.
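The infection chain above starts with macro-enabled Office documents and loaders hidden inside embedded images. As an added illustration (not code from the Cisco Talos report), the following Python triage routine opens an OOXML container (xlsx/pptx/docx are zip archives), flags the presence of a VBA project stream, and reports any embedded PNG or JPEG that carries extra bytes after its end marker, a cheap heuristic for a payload appended to a picture. The sample document it inspects is constructed inline; the appended-bytes check is a heuristic assumption, not the specific hiding technique the report describes.

```python
import io
import zipfile

PNG_END = b"IEND\xae\x42\x60\x82"   # IEND chunk type + its fixed CRC
JPEG_END = b"\xff\xd9"              # EOI marker


def trailing_bytes(name: str, data: bytes) -> int:
    """Bytes found after the image's end marker; 0 if clean or not PNG/JPEG.
    A well-formed image ends exactly at its end marker, so anything after it
    is worth a closer look (heuristic: an embedded JPEG thumbnail also has EOI)."""
    low = name.lower()
    if low.endswith(".png"):
        idx = data.find(PNG_END)
        return 0 if idx < 0 else len(data) - (idx + len(PNG_END))
    if low.endswith((".jpg", ".jpeg")):
        idx = data.rfind(JPEG_END)
        return 0 if idx < 0 else len(data) - (idx + len(JPEG_END))
    return 0


def triage_ooxml(blob: bytes) -> dict:
    """Triage an OOXML file: does it carry VBA, and do its media parts look padded?"""
    findings = {"has_vba": False, "suspicious_media": {}}
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for name in zf.namelist():
            low = name.lower()
            if low.endswith("vbaproject.bin"):   # macro container inside xlsm/pptm/docm
                findings["has_vba"] = True
            elif "/media/" in low:               # embedded pictures live under */media/
                extra = trailing_bytes(name, zf.read(name))
                if extra:
                    findings["suspicious_media"][name] = extra
    return findings


def build_sample() -> bytes:
    """Constructed sample: a minimal workbook-like zip holding a stub VBA stream,
    one clean PNG and one PNG with 64 bytes appended after IEND (stand-in payload)."""
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 20 + PNG_END   # not a real image, just the framing
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("xl/workbook.xml", "<workbook/>")
        zf.writestr("xl/vbaProject.bin", b"\xd0\xcf\x11\xe0" + b"\x00" * 16)  # OLE header stub
        zf.writestr("xl/media/image1.png", png)                      # clean
        zf.writestr("xl/media/image2.png", png + b"\xcc" * 64)       # constructed trailer
    return buf.getvalue()


if __name__ == "__main__":
    print(triage_ooxml(build_sample()))
```

Run it against a quarantined sample to get a quick yes/no on macros and padded images before handing the file to a sandbox.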
The company also included a comprehensive list of indicators of compromise (IoCs) linked to these threats in its report. The purported Belarusian hacking group UNC1151 was linked to a recent disinformation campaign named Ghostwriter, according to an April report from the Polish Ministry of National Defense.
The initial Ghostwriter campaign was aimed at Ukraine as well as Poland, Lithuania, and Latvia. Experts claim that the hackers left obvious digital traces, and Mandiant specialists later attributed the campaign to UNC1151.
A year before the 2020 elections, UNC1151 also attacked many members of the political opposition in Belarus as well as a number of Belarusian media outlets. Prior to the 2020 Belarusian elections, UNC1151 targeted many people who were later detained by the Belarusian government.