Polish Intelligence Says Russia was Complicit in Cyberattacks
Ghostwriter Disinformation Campaign Against Polish Government Officials Tied to Russian Hackers
Poland’s Military Counterintelligence Service (MCS) says that cybercriminals linked to the Russian government are believed to be responsible for a cyberattack on Polish email accounts. A disinformation campaign known as Ghostwriter appears to be the work of UNC1151, a Russian state-sponsored cyber-espionage group.
“Ghostwriter is a cyber-enabled influence campaign which primarily targets audiences in Lithuania, Latvia and Poland and promotes narratives critical of the North Atlantic Treaty Organization’s (NATO) presence in Eastern Europe,” say cyber security researchers at FireEye.
The Military Counterintelligence Service (Polish: Służba Kontrwywiadu Wojskowego; SKW) is Poland’s intelligence service. The agency is responsible for protecting Poland from internal threats and for national defense.
Poland’s counter-intelligence said on Thursday that over 4,000 accounts belonging to Polish email users were attacked this month. Among them were more than 100 email accounts used by current and former government officials.
Attacked email accounts include those belonging to members of the former and current government, deputies, senators, and local government officials.
Leaked email messages were dumped on the encrypted messaging app Telegram.
MCS Says Email Hackers Linked to Russian State
“The secret services have reliable information at their disposal which links this group with the activities of the Russian secret services,” the spokesperson said in a statement, according to a post on US News.
The agency also stated that it believes that the attack was the work of a Russian hacking group tracked as UNC1151. These attackers are not currently connected to any previously tracked advanced persistent threat group.
UNC1151 is believed to work at the behest of the Kremlin.
“We assess with high confidence that UNC1151, a suspected state-sponsored cyber espionage group, conducts at least some components of Ghostwriter influence activity; current intelligence gaps, including gaps pertaining to website compromises and the operation of false personas, do not allow us to conclusively attribute all aspects of the Ghostwriter campaign to UNC1151 at this time,” FireEye says.