Friday’s massive cyberattack targeting Ukrainian government agencies was carried out by a group linked to Belarusian intelligence services, a senior Kiev security official claimed in a statement on Saturday.
"Our preliminary belief is that the group UNC1151 may be involved in this attack," the Deputy Secretary of Ukraine’s National Security and Defense Council, Sergey Demedyuk, said in a written comment to Reuters.
The “cyber-espionage group” in question is understood to be “affiliated with the special services of the Republic of Belarus,” according to the official.
The attack on the government’s websites “was just a cover for more destructive actions” which took place “behind the scenes,” Demedyuk said. He did not offer any further details, only suggesting that the “consequences” of the attack will be felt “in the near future.”
According to Demedyuk, UNC1151 has had a “track record” of targeting numerous countries. He claimed that the malicious software used in the attack was “very similar” to the one used by ATP-29 – the group often referred to as the “Cozy Bear.” ATP-29, along with “Fancy Bear” hackers, has been blamed for compromising the Democratic National Committee’s computers ahead of the 2016 US presidential election by American media.
Demedyuk added that the “cyber espionage” tactics of the group have been “associated with the Russian special services (Foreign Intelligence Service of the Russian Federation).”
Notably, Demedyuk appears to be the first Ukrainian official who has publicly confirmed that the attack was not carried out by a Russian group.
Another senior Ukrainian figure, the secretary of the National Security and Defense Council, Alexey Danilov, previously alleged in an interview with Britain’s Sky News that he was “99.9% sure” Moscow was behind the hack.