Ukraine Targeted With Ghostwriter Phishing Campaign

Ukraine’s Computer Emergency Response Team (CERT-UA) has warned of continuing phishing and Ghostwriter activities targeting Ukrainian organisations. 

Security researchers have linked this phishing campaign to a notorious disinformation threat group from Belarus, which is targeting European governments as they try to manage a wave of Ukrainian refugees.

Ghostwriter has previously been used against organisations in Poland as well as domestic targets in Belarus.  

According to CERT-UA, Ghostwriter’s members are officers of the Ministry of Defence of the Republic of Belarus. The threat actor has also been tracked by cyber security firm Mandiant, which says that the Belarus government has been tied to the activities of the attackers. "Ghostwriter narratives, particularly those critical of neighbouring governments, have been featured on Belarusian state television as fact," according to Mandiant.

Ghostwriter is particularly associated with Belarusian hacking group UNC1151. Their past activities include promoting anti-NATO material via misinformation networks, website hijacking, spoofing, and targeting Belarusian media outlets and individuals ahead of the 2020 election.

CERT-UA says that attacks perpetrated by Ghostwriter have been recorded against employees of the National Academy of Sciences Belarus, Voice of the Motherland newspaper, the World Association of Belarusians and other media organizations. The agency has also warned that the threat actor is leveraging an active phishing domain to conduct attacks.

“Some EU Member States have observed malicious cyber activities, collectively designated as Ghostwriter, and associated these with the Russian state... Such activities are unacceptable as they seek to threaten our integrity and security, democratic values and principles and the core functioning of our democracies,”

The European Council has previously accused Russia of playing a role in Ghostwriter campaigns. “These malicious cyber activities are targeting numerous members of Parliaments, government officials, politicians, and members of the press and civil society in the EU by accessing computer systems and personal accounts and stealing data... These activities are contrary to the norms of responsible State behaviour in cyberspace as endorsed by all UN Member States, and attempt to undermine our democratic institutions and processes, including by enabling disinformation and information manipulation,” the EU Council said in a statement.  

Sources: EU Consilium, Mandiant, Proofpoint, Oodaloop, ZDNet, Bleeping Computer, Infosecurity Magazine, Reuters
