This article was originally published by Radio Free Europe/Radio Liberty and is reprinted with permission.
U.S. cybersecurity researchers say they have uncovered evidence that the Belarusian government is linked to a hacking and disinformation campaign against Eastern European NATO members.
Researchers with the cybersecurity firm Mandiant said in a report issued on November 16 that the campaign, known as Ghostwriter, was primarily aimed at sowing discord and stealing information.
The researchers said they assessed that the hacking group, which it calls UNC1151, is linked to the Belarusian government, and the group provides technical support to the Ghostwriter campaign.
“This assessment, along with observed Ghostwriter narratives consistent with Belarusian government interests, causes us to assess with moderate confidence that Belarus is also likely at least partially responsible for the Ghostwriter campaign,” Mandiant said in its report.
Mandiant has tracked UNC1151 since 2017 and issues periodic updates on its activity. The most recent report appears to mark the first time Belarus has been linked to the Ghostwriter campaign.
European Union members have previously said they suspected Russian involvement in Ghostwriter. The Mandiant report said it had no direct proof of Russian participation but didn’t rule it out.
Germany’s prosecutor-general in September opened investigations into cyberattacks targeting German politicians, and the German Foreign Ministry blamed them on Moscow.
The Belarusian government did not immediately respond to a request for comment, according to the AP. The Russian Embassy in Washington did not respond to a request for comment from RFE/RL but told AP it had no immediate comment. Russian officials regularly reject accusations they are involved in hacking and disinformation activity.
Ben Read, director of cyberespionage analysis at Mandiant, would not provide details on why Mandiant is highly confident Belarus technically assisted the hackers and why it says they are likely located in Minsk, according to AP.
He said only that they left telltale digital footprints and that multiple other sources corroborated Mandiant’s findings that the hackers likely were located in Minsk.
The report also said researchers believe Belarus’s military is involved with the hackers. The reports says the evidence of this has been “directly observed by Mandiant.”
The main targets of the hacking and disinformation campaign have been NATO members Poland, Lithuania, and Latvia, as well as Ukraine.
Also targeted were domestic news media and political opponents of Belarusian strongman Alyaksandr Lukashenka prior to the disputed August 2020 election that the opposition and Western governments have said was rigged.
The report notes that since the elections, Ghostwriter disinformation operations have been more closely aligned to Lukashenka’s political agenda, attempting in particular to create tensions in Polish-Lithuanian relations.
Among the false narratives disseminated were false claims that NATO was planning to withdraw from Lithuania in response to the COVID-19 pandemic and that nuclear waste from Lithuania was threatening Poland.
Mandiant’s findings come as the European Union prepares new sanctions against Belarus over a migrant crisis on its border with Poland, Latvia, and Lithuania.