A fresh wave of phishing attacks targeting the Ukrainian military appears to be the handiwork of the UNC1151 military hacking team out of neighboring nation Belarus, according to the Ukraine Computer Emergency Response Team (CERT).
The phishing email, sent to victims’ personal email accounts, attempts to lure the recipient into clicking on a malicious link that then siphons their email messages and address books to further spread the phishing campaign. UNC1151 traditionally has waged attacks for cyber-espionage purposes, according to Mandiant, and this campaign comes at a time of high cyber alert in Ukraine and elsewhere.
“Mass phishing emails have recently been observed targeting private ‘i.ua’ and ‘meta.ua’ accounts of Ukrainian military personnel and related individuals. After the account is compromised, the attackers, by the IMAP protocol, get access to all the messages. Later, the attackers use contact details from the victim’s address book to send the phishing emails,” the CERT posted on its social media account, according to a report from Reuters.