Ukraine Targeted With Ghostwriter Phishing Campaign

Ukraine’s Computer Emergency Response Team (CERT-UA) has warned of continuing phishing and Ghostwriter activities targeting Ukrainian organisations. 

Security researchers have detected this phishing campaign is linked to a notorious disinformation threat group from Belarus, which is targeting European governments as they try to manage a wave of Ukrainian refugees.

Ghostwriter has previously been used against organisations in Poland as well as domestic targets in Belarus.  

According to CERT-UA, Ghostwriter’s members are officers of the Ministry of Defence of the Republic of Belarus. The threat actor has also been tracked by cyber security firm Mandiant, who say that the Belarus government has been tied to the activities of the  attackers. "Ghostwriter narratives, particularly those critical of neighbouring governments, have been featured on Belarusian state television as fact," according to Mandiant.  

Ghostwriter is particularly associated with Belarussian hacking group UNC1151. Their past activities include promoting anti-NATO material via misinformation networks, website hijacking, spoofing, and targeting Belarusian media outlets and individuals ahead of the 2020 election. 

CERT-UA says that attacks perpetrated by Ghostwriters have been recorded against employees of the National Academy of Sciences Belarus, Voice of the Motherland newspaper, the World Association of Belarusians and other media organizations. The agency has also warned that the threat actor is leveraging an active phishing domain to conduct attacks. “Some EU Member States have observed malicious cyber activities, collectively designated as Ghostwriter, and associated these with the Russian state... Such activities are unacceptable as they seek to threaten our integrity and security, democratic values and principles and the core functioning of our democracies,”

The European Council has previously accused Russia of playing a role in Ghostwriter campaigns. “These malicious cyber activities are targeting numerous members of Parliaments, government officials, politicians, and members of the press and civil society in the EU by accessing computer systems and personal accounts and stealing data... These activities are contrary to the norms of responsible State behaviour in cyberspace as endorsed by all UN Member States, and attempt to undermine our democratic institutions and processes, including by enabling disinformation and information manipulation,” the EU Council said in a statement.  

 EU Consilium:     Mandiant:     Proofpoint:      Oodaloop:     ZDNet:      Bleeping Computer:   

Infosecurity MagazineReuters

You Might Also Read: 

How Did Belarus Shut Down The Internet ?:

 

« Kaspersky Provokes Controversy
Update: The Online War In Ukraine »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Authenware

Authenware

AuthenWare delivers the highest level of identity security based on behavioral biometrics.

CERT Bulgaria (CERT.BG)

CERT Bulgaria (CERT.BG)

CERT Bulfaria is the National Computer Security Incidents Response Team for Bulgaria.

Sepio Cyber

Sepio Cyber

Sepio is the leading asset risk management platform that operates on asset existence rather than activity.

Carson & SAINT

Carson & SAINT

Carson & SAINT is an award-winning consulting firm with deep experience in cybersecurity technology, software, and management consulting.

Future of Cyber Security Europe

Future of Cyber Security Europe

Future of Cyber Security Europe is a European wide event examining the latest cyber security strategies and technologies.

Block Armour

Block Armour

Block Armour is a Mumbai and Singapore based venture focused on harnessing emerging technologies to counter growing Cybersecurity challenges in bold new ways.

Cask Government Services

Cask Government Services

Cask Government Services focuses on program management, cybersecurity, logistics, business analysis and engineering services for Federal, State and Local Government.

u-blox

u-blox

u-blox deliver leading wireless technology to reliably and securely locate and connect people and devices.

101 Blockchains

101 Blockchains

101 Blockchains is a professional and trusted provider of enterprise blockchain research and training.

Cyber Security Africa

Cyber Security Africa

Cyber Security Africa is a full-service Information Security Consulting firm offering a comprehensive range of Services and Products to help organizations protect their valuable assets.

Vilnius Tech Park

Vilnius Tech Park

The region‘s most complex and integrated ICT hub, Vilnius Tech Park aims to attract and unite innovative talent from big data, cyber security, smart solutions, fintech and digital design.

AmWINS Group

AmWINS Group

AmWINS are a global specialty insurance distributor with expertise in property, casualty and professional lines including cyber liability.

Cyber Pop-Up

Cyber Pop-Up

Cyber Pop-Up provide on-demand access to top security experts. No recruiting. No onboarding. No overhead costs.

DataViper

DataViper

Data viper is a threat intelligence platform designed for organizations, investigators, and law enforcement.

CommandK

CommandK

CommandK provides companies with infrastructure to protect their sensitive data. Built-in solutions to prevent data-leaks and simplify governance.

Arelion

Arelion

Arelion is a leading light in global connectivity and we've been keeping the world connected for nearly three decades.