Nation-State Actor
UNC1151 (Ghostwriter)
Belarus • Active since 2017
UNC1151 is Belarus's hacking team that spreads disinformation and hacks government websites. They work closely with Russian intelligence and have attacked Polish and Lithuanian government networks.
Overview
UNC1151 is a threat group linked to Belarusian intelligence that conducts cyber espionage and information operations. They target government and media organizations in Eastern Europe, particularly Poland and Lithuania.
Also Known As
Ghostwriter, TA445, UNC1151
Target Industries
Government, Media, Military, NGOs, Diplomatic
Target Regions
Poland, Lithuania, Latvia, Ukraine, Germany
Is your business exposed?
Tactics, Techniques & Procedures
- • Credential phishing
- • Website defacement
- • Information operations
- • Social media manipulation
- • Living off the land
Known Tools & Malware
Cobalt Strike, SunSeed, Microbackdoor, PowerShell Empire
Notable Campaigns
Ghostwriter Information Operations (2020-2022)
Hack-and-leak operations against NATO member states.
Polish Government Targeting (2021)
Compromised Polish government officials' email accounts.
MITRE ATT&CK Techniques
T1566.001, T1491, T1598.003, T1078, T1059.001
Defense Recommendations
- 1.
Assess Eastern European threat exposure
- 2.
Implement website integrity monitoring
- 3.
Train staff on credential phishing
Related Threat Actors
Is your business exposed?
Check if your company data is circulating on the dark web
Free scan • No credit card required