
 Prevailion Issues New Threat Intelligence Updates for Suspected Russian Disinformation Group UNC1151

HOUSTON–(BUSINESS WIRE)–Prevailion, a global leader in Compromise Breach Monitoring™ and cyber adversary intelligence, has discovered new operational details for UNC1151, a suspected Russian state-sponsored cyber threat actor, which has been involved in cyber espionage and online disinformation and influence campaigns throughout Europe.

Prevailion’s researchers have determined that UNC1151’s online infrastructure is three times larger than what has been previously documented, and its malicious cyber activities are broader and more aggressive than was originally suspected. These operations are also continuing to evolve and expand.

“The specially-crafted phishing infrastructure we uncovered is extensive for a disinformation campaign and shows that they built this for long-term resilience and probably have financial backing of some kind, which reinforces the state-sponsored suspicions,” said Karim Hijazi, CEO of Prevailion. “The domains we discovered appear to be the group’s backup infrastructure, which they likely switched to after security researchers exposed other domains in previous reporting. This shows a high level of sophistication, as UNC1151 seems to have anticipated some level of domain attrition by the security community and had backups in place to maintain their operation with limited, if any, disruption.”

WHAT IS UNC1151?

UNC1151 is a cyber threat actor that is believed to be backed by the Kremlin and responsible for a series of ongoing malicious activities throughout Europe known as “Ghostwriter”. These activities involve anti-NATO disinformation campaigns, cyber espionage and politically damaging hack-and-leak operations.

This group was first identified by FireEye’s Mandiant in April 2021, as a follow-up to its July 2020 report which first identified the Ghostwriter campaign. Additional research on UNC1151 and Ghostwriter has been carried out by several other companies, including ThreatConnect, DomainTools and VSQUARE.

NEW FINDINGS IN PREVAILION REPORT:

Prevailion’s Adversarial Counterintelligence Team (PACT) used advanced infrastructure hunting techniques and Prevailion’s unique visibility into threat actor infrastructure creation to uncover previously unknown domains associated with UNC1151 and the “Ghostwriter” influence campaign.

In a report published today, Prevailion details the following findings:

  • PACT assesses with Moderate to High Confidence that there are 81 additional, unreported malicious domains clustered with the activity that FireEye and ThreatConnect detailed in their respective reports. This makes UNC1151’s online infrastructure almost three times larger than was originally documented.
  • PACT also assesses with High Confidence that UNC1151 has targeted additional European entities outside of the Baltics, Poland, Ukraine and Germany, for which no previous public reporting exists.
  • PACT identified domain and subdomain naming themes that indicate a change in targeting around 2020/2021, as Ghostwriter targeted European Apple (iPhone and iCloud) and PayPal users, as well as European users of popular regional web service providers like OVH Telecom and global tech giants like Google, Microsoft, Twitter, and Facebook.

“Based on our counterintelligence collection, we believe that UNC1151 is positioned for a much wider operation, both in Europe and potentially beyond,” said Hijazi. “A common tactic used by Russian groups is to test specific cyber tactics and strategies in countries like Ukraine or the Baltics first, before deploying them against larger national targets.”

To read the full report, go to: https://www.prevailion.com/diving-deep-into-unc1151s-infrastructure-ghostwriter-and-beyond.

ABOUT PREVAILION

Prevailion is the world’s first Continuous Breach Monitoring™ company, transforming the way organizations approach compromise detection and breach prevention to drastically improve security operations. Through next-level tailored intelligence and a zero-touch platform, Prevailion provides a full view of confirmed “Evidence of Compromise” (EOC) for customers and their partner ecosystems. Prevailion is funded by AllegisCyber Capital, DataTribe, Allstate Strategic Ventures, Legion Capital, Irongrey and Accenture Ventures. To learn more about Prevailion, visit www.prevailion.com.

Contacts

Michael Sias

Firm 19 for Prevailion

inquiry@firm19.com
954-361-3963

 
