Belarusian Hackers Target Yury Hubarevich with Sophisticated Phishing Attack
ID: b15eeb1b-8c06-5ae0-8206-e4b63e5d8db3
STIX ID: report--b15eeb1b-8c06-5ae0-8206-e4b63e5d8db3
Feed Name: ThreatCluster
On 2026-05-29, a sophisticated adversary-in-the-middle (AiTM) phishing attack attributed to Belarus-linked UNC1151 targeted opposition politician Yury Hubarevich. A legitimate-looking Google notification was redirected through a compromised Ukrainian site to a fake Google login page hosted via BunnyCDN. The operation streamed credentials and real-time 2FA codes to attacker infrastructure (domain check-profile.digital, IP 45.194.44.44) but did not result in a confirmed account compromise. The report recommends transitioning to phishing-resistant authentication (FIDO2/passkeys), blocking the listed IoCs, and training users to detect homoglyph and spoofed-sender phishing attempts.
