Ukraine Targeted With Ghostwriter Phishing Campaign

Uploaded on 2022-03-04 in NEWS-Cybersecurity News, INTELLIGENCE-Hot Spots-Russia, FREE TO VIEW

Ukraine’s Computer Emergency Response Team (CERT-UA) has warned of continuing phishing and Ghostwriter activities targeting Ukrainian organisations. 

Security researchers have detected this phishing campaign is linked to a notorious disinformation threat group from Belarus, which is targeting European governments as they try to manage a wave of Ukrainian refugees.

Ghostwriter has previously been used against organisations in Poland as well as domestic targets in Belarus.  

According to CERT-UA, Ghostwriter’s members are officers of the Ministry of Defence of the Republic of Belarus. The threat actor has also been tracked by cyber security firm Mandiant, who say that the Belarus government has been tied to the activities of the  attackers. "Ghostwriter narratives, particularly those critical of neighbouring governments, have been featured on Belarusian state television as fact," according to Mandiant.  

Ghostwriter is particularly associated with Belarussian hacking group UNC1151. Their past activities include promoting anti-NATO material via misinformation networks, website hijacking, spoofing, and targeting Belarusian media outlets and individuals ahead of the 2020 election. 

CERT-UA says that attacks perpetrated by Ghostwriters have been recorded against employees of the National Academy of Sciences Belarus, Voice of the Motherland newspaper, the World Association of Belarusians and other media organizations. The agency has also warned that the threat actor is leveraging an active phishing domain to conduct attacks. “Some EU Member States have observed malicious cyber activities, collectively designated as Ghostwriter, and associated these with the Russian state... Such activities are unacceptable as they seek to threaten our integrity and security, democratic values and principles and the core functioning of our democracies,”

The European Council has previously accused Russia of playing a role in Ghostwriter campaigns. “These malicious cyber activities are targeting numerous members of Parliaments, government officials, politicians, and members of the press and civil society in the EU by accessing computer systems and personal accounts and stealing data... These activities are contrary to the norms of responsible State behaviour in cyberspace as endorsed by all UN Member States, and attempt to undermine our democratic institutions and processes, including by enabling disinformation and information manipulation,” the EU Council said in a statement.  

 EU Consilium:     Mandiant:     Proofpoint:      Oodaloop:     ZDNet:      Bleeping Computer:   

Infosecurity MagazineReuters

You Might Also Read: 

How Did Belarus Shut Down The Internet ?:

 

« Kaspersky Provokes Controversy
Update: The Online War In Ukraine »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Mako Group

Mako Group

The Mako Group specializes in protection - providing security through auditing, testing, and assessments. And, we do it all with the highest quality standards possible.

Schneider Electric

Schneider Electric

Schneider Electric develops connected technologies and solutions to manage energy and process in ways that are safe, reliable and sustainable.

Cyberwrite

Cyberwrite

Cyberwrite was founded to provide underwriters around the world a unique and innovative Cyber Underwriting platform.

Ideagen

Ideagen

Ideagen provides information management, safety, risk and compliance software solutions that allow organisations to achieve operational excellence, regulatory compliance and reduce risk.

CYRISMA

CYRISMA

CYRISMA is a revolutionary cybersecurity platform that helps organizations manage risk without the usual headaches associated with enterprise cybersecurity tools.

Data Privacy Office (DPO)

Data Privacy Office (DPO)

Data Privacy Office is a company that specializes in privacy and personal data protection, following the highest standards in its sector.

Prism Infosec

Prism Infosec

Prism Infosec is an award-winning independent cyber security consultancy, CREST STAR, NCSC CHECK member, CAA ASSURE audit provider and PCI Qualified Security Assessor.

Alias

Alias

Alias (formerly Alias Forensics) provide penetration testing, vulnerability assessments, incident response and security consulting services.

PKI Solutions

PKI Solutions

PKI Solutions offers Public Key Infrastructure (PKI) products, services, and training to help ensure the security of organizations now and in the future.

Timus Networks

Timus Networks

Timus Networks enables today's work from anywhere organizations to secure their networks very easily and cost effectively.

Capgemini

Capgemini

Capgemini is one of the world's foremost providers of consulting, technology and outsourcing services. Areas of expertise include Cybersecurity.

dWallet Labs

dWallet Labs

dWallet Labs is a cybersecurity company specializing in blockchain technology. We believe that the future of Web3 relies on cutting edge cryptography and unabated security.

Benchmark IT Services (BITS)

Benchmark IT Services (BITS)

BITS is a leading cyber security company in Australia. Our certified professionals work with you to keep your data assets safe and secure.

FastPassCorp

FastPassCorp

In the world of IT, identity theft is a growing concern. FastPass offers an innovative solution as a cloud or on-premises offering.

TerraZone

TerraZone

TerraZone is a global cyber security and privacy solutions provider to governments and enterprises.

RELIANOID

RELIANOID

RELIANOID is an application delivery controller and load balancing system that ensures high performance and security of IT services on a massive scale.