The ghostwriter group of hackers is known for targeted attacks on German members of the Bundestag and the attempt to influence the Bundestag elections. Mandiant releases information on the UNC1151 group, believed to be linked to the Belarusian government.
Mandiant revealed new details on the ghostwriter disinformation campaign at Cyberwarcon, a conference that focuses on the specter of the destruction, disruption and malicious use of cyber skills to our society. Among other things, Mandiant Threat Intelligence assumes with a high probability that UNC1151 is connected with the Belarusian government and that Belarus is at least partially responsible for the ghostwriter campaign. This assessment is based on technical and geopolitical indicators obtained from an in-depth analysis of new and historical evidence.
Ghostwriter: Technical evidence points to Belarus
The pre-2020 ghostwriting disinformation operations were primarily directed against NATO, but since mid-2020 the attacks have focused on Belarus' neighboring countries. Since the controversial elections in Belarus in August 2020, the ghostwriting operations have been geared even more clearly to the interests of Minsk.
Ben Read, Director of Intelligence Analysis at Mandiant, said: “New evidence combined with extensive, previously uncovered operations have enabled Mandiant to link the UNC1151 hacker group and the ghostwriting disinformation campaign to Belarus. These have been active since at least 2017 and 2016 respectively and have carried out provocative disinformation operations with a focus on Central Europe and the Baltic countries. Although Mandiant has linked these activities with Belarus, we cannot rule out the involvement of other countries, particularly Russia. The close ties between Belarus and Russia, as well as Russia's distinctive capabilities in the field of information operations and cyber espionage, make Russian involvement in these operations plausible. "
More at Mandiant.com
About Mandiant Mandiant is a recognized leader in dynamic cyber defense, threat intelligence and incident response. With decades of experience on the cyber frontline, Mandiant helps organizations confidently and proactively defend against cyber threats and respond to attacks. Mandiant is now part of Google Cloud.