UNC1151 Threat Actors Breach Polish MPs’ Email Accounts
Polish Counter-Intelligence Revealed Additional Details of One of the Biggest Cyberattacks Targeting the Country in Recent Years.
On July 2nd, the email accounts of about a dozen members of the Polish parliament were hacked, including the personal account of the prime minister’s top aide Michal Dworczyk. The incident led to opposition criticism of officials for using private accounts to exchange confidential documents.
As reported by Reuters, the news comes two weeks after the authorities said top Polish government officials had been hit by a far-reaching cyberattack conducted in June that affected over 100 email accounts of current and former government officials.
The Military Counterintelligence Service announced that the hackers’ targets came from almost every parliamentary opposition grouping, and those affected had been notified and had received cybersecurity training.
None of the affected lawmakers were identified in the MCS statement.
Polish Intelligence Agencies Link the Attack to Russia
On June 22nd, Polish counter-intelligence said that it had evidence linking the cyberattack on thousands of email and social media accounts of politicians, public figures, and other Poles to Russia’s secret services.
The MCS said the hackers known as UNC1151 were behind the attack, adding that the group’s actions are part of a campaign known as Ghostwriter that has targeted Polish politicians in recent months and has also affected other countries in the region.
Stanislaw Zaryn, the spokesman for the minister who coordinates Poland’s intelligence agencies, claimed the attack was part of a campaign to destabilize politics in Central Europe.
According to Zaryn,
The services are in possession of information confirming the links of the aggressors with the activity of the Russian special services. Some 100 of the more than 4,350 accounts hit in Poland belong to former and current government members, lawmakers and local administration officials.
Some Polish security officials believe the attack is aimed at weakening Poland’s position internationally or straining its ties with Western partners. Warsaw backs sanctions against Russia over its 2014 annexation of Crimea from Ukraine and its support for the authoritarian president of Belarus.
Russia has repeatedly denied carrying out or tolerating cyberattacks following allegations from the United States about cyberattacks on U.S. territory, Ukraine, and Saudi Arabia.
Just last month, G7 leaders urged Russia to take action against threat actors conducting cyberattacks and using ransomware from within its borders. The rebuke came after a three-day summit of G7 leaders in Britain that also called on Moscow to “stop its destabilizing behaviour and malign activities”.