As the war in Ukraine rages, the state-sponsored hacker groups aligned with Russia and Belarus are continuing their cyber offensive against Ukraine with malicious cyberattacks and campaigns spreading disinformation, a new report from Mandiant said.

According to the researchers, many of disinformation narratives they observed were aimed at demoralizing Ukrainians and fomenting internal unrest; dividing Ukraine from its allies; bolstering perceptions of Russia. Some of the falsehoods targeted Russian domestic audiences, underscoring Russia’s need to sell the war to its own people.

“We have identified multiple narratives that appeared intended to demoralize Ukrainians and incite internal unrest within Ukraine, including false claims of the surrender of the Ukrainian government or military,” Mandiant said.

The report describes a recent operation carried out by Ghostwriter, a cyber threat group linked to the Belarusian government, which used compromised assets to promote fake content claiming that a Polish criminal ring was harvesting organs from Ukrainian refugees to illegally traffic in the European Union, and that Poland’s Internal Security Agency was investigating the criminal enterprise, which was said to involve “high-ranking Polish officials.”

The Russia-linked advanced persistent threat group known as APT28 or Fancy Bear, continues to post content on Telegram channels related to the Russia-Ukraine war, focusing on “weakening Ukrainians' confidence in their government and its response to the invasion.”

“Information operations observed in the context of Russia’s invasion of Ukraine have exhibited both tactical aims responding to, or seeking to shape, events on the ground and strategic objectives attempting to influence the shifting geopolitical landscape. While these operations have presented an outsized threat to Ukraine, they have also threatened the U.S. and other Western countries. As a result, we anticipate that such operations, including those involving cyber threat activity and potentially other disruptive and destructive attacks, will continue as the conflict progresses,” Mandiant said.

Cybersecurity Help statement on the critical situation in Ukraine

On February 24, people in many cities and towns across Ukraine woke up to the sounds of explosions and artillery fire, as the Russian Federation launched a full-scale invasion of the country. Such actions are unacceptable, political ambitions of any man aren’t worth of blood, tears, and destruction of millions of lives. We give our full support to the Ukrainian people in these hard times. No more war! Слава Україні!