UNC1151, carried out by a group most likely linked to the Belarusian government and, according to many accounts, to the Belarusian military, is the second information operation against the countries bordering Belarus, along with the Ghostwriter campaign. Leaks from government mailboxes are part of a broader information operation performed by such a group. Countries targeted by Operation Ghostwriter have recently severed diplomatic relations with Minsk, which is involved in the campaign, experts say in the Mandiant report. As part of the UNC1151 campaign, some national defense ministries in some countries are usually attacked. The group that leads it uses the malicious programs HIDDENVALUE and HALFSHELL.
Such operations are in line with the policies of the Lukashenko regime, experts say, emphasizing that after the rigged 2020 elections, UNC1151 operations were directed, in particular, against countries that defended the Belarusian opposition, including Lithuania and Poland.
Experts also tend to believe that Russia is involved in both campaigns, although sufficient evidence has not yet been found. Most of these operations are in line with Russian policy objectives, which undermine the credibility of NATO and the Alliance in the Baltic States and Poland. Creating a large amount of content in many languages (Ghostwriter is an operation conducted in Polish, English, Lithuanian, Latvian, Ukrainian, German and Russian) requires good skills and may indicate the involvement of third parties. The goals of such an operation are a number of private and state structures not only in Poland and Lithuania, but also in such countries as Ukraine, Latvia, and Germany. The cyberattacks used domains that pretended to be well-known companies, such as Facebook, Google or Twitter, as well as malicious software for unauthorized access to computers (particularly during attacks on entities from Ukraine, as well as Lithuania and Poland).