Latest Research Links Ghostwriter Disinformation Campaign to Belarus

The Belarus connection

• The campaign tried to infiltrate multiple Belarusian media entities and several members of the opposition parties in the year before the 2020 Belarusian election. 
• While the group did not target Russian or Belarusian state entities, media entities in Lithuania, Poland, Ukraine, and Latvia were on its target list.
• Researchers also noted that some individuals targeted by UNC1151 before the 2020 Belarusian election were later arrested by the Belarusian government.
• The sensitive technical information collected by the researchers implies that the attackers were possibly operating from Minsk, a city of Belarus controlled by the Belarusian Military. These connections with the location were confirmed via various sources, which provided a strong indication of the involvement of Belarusian threat actors.
• However, researchers further stated that Russian contributions can not be ruled out.

The GhostWriter campaign

• The attackers behind this GhostWriter campaign had compromised Content Management Systems (CMS) of news websites or spoofed email accounts to propagate fake news.
• They replaced existing genuine articles on the sites with fake ones, instead of creating new posts. 
• They spread falsified news articles, correspondence, quotes, and other documents that appear to be sent from political figures and military officials in the target countries. 
• The campaign targeted specific states members of the alliance, such as Lithuania, Poland, and Latvia.

Conclusion