Ukraine Targeted With Ghostwriter Phishing Campaign

Uploaded on 2022-03-04 in NEWS-Cybersecurity News, INTELLIGENCE-Hot Spots-Russia, FREE TO VIEW

Ukraine’s Computer Emergency Response Team (CERT-UA) has warned of continuing phishing and Ghostwriter activities targeting Ukrainian organisations. 

Security researchers have detected this phishing campaign is linked to a notorious disinformation threat group from Belarus, which is targeting European governments as they try to manage a wave of Ukrainian refugees.

Ghostwriter has previously been used against organisations in Poland as well as domestic targets in Belarus.  

According to CERT-UA, Ghostwriter’s members are officers of the Ministry of Defence of the Republic of Belarus. The threat actor has also been tracked by cyber security firm Mandiant, who say that the Belarus government has been tied to the activities of the  attackers. "Ghostwriter narratives, particularly those critical of neighbouring governments, have been featured on Belarusian state television as fact," according to Mandiant.  

Ghostwriter is particularly associated with Belarussian hacking group UNC1151. Their past activities include promoting anti-NATO material via misinformation networks, website hijacking, spoofing, and targeting Belarusian media outlets and individuals ahead of the 2020 election. 

CERT-UA says that attacks perpetrated by Ghostwriters have been recorded against employees of the National Academy of Sciences Belarus, Voice of the Motherland newspaper, the World Association of Belarusians and other media organizations. The agency has also warned that the threat actor is leveraging an active phishing domain to conduct attacks. “Some EU Member States have observed malicious cyber activities, collectively designated as Ghostwriter, and associated these with the Russian state... Such activities are unacceptable as they seek to threaten our integrity and security, democratic values and principles and the core functioning of our democracies,”

The European Council has previously accused Russia of playing a role in Ghostwriter campaigns. “These malicious cyber activities are targeting numerous members of Parliaments, government officials, politicians, and members of the press and civil society in the EU by accessing computer systems and personal accounts and stealing data... These activities are contrary to the norms of responsible State behaviour in cyberspace as endorsed by all UN Member States, and attempt to undermine our democratic institutions and processes, including by enabling disinformation and information manipulation,” the EU Council said in a statement.  

 EU Consilium:     Mandiant:     Proofpoint:      Oodaloop:     ZDNet:      Bleeping Computer:   

Infosecurity MagazineReuters

You Might Also Read: 

How Did Belarus Shut Down The Internet ?:

 

« Kaspersky Provokes Controversy
Update: The Online War In Ukraine »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Gamma

Gamma

Gamma is a leading provider of Unified Communications as a Service (UCaaS) into the UK, Dutch, Spanish and German business markets.

Stratogent

Stratogent

Stratogent does IT and Cybersecurity operations. We specialize in high-touch and high-change IT environments, especially in the biotech and pharma industry verticals.

BSA - The Software Alliance

BSA - The Software Alliance

BSA is the leading advocate for the global software industry before governments and in the international marketplace.

redGuardian

redGuardian

redGuardian is a DDoS mitigation solution available both as a BGP-based service and as an on-premise platform.

Havoc Shield

Havoc Shield

Havoc Shield is an all-in-one information security platform that includes everything a growing team needs to secure their remote workforce.

Centraleyes

Centraleyes

Centraleyes (formerly CyGov) is a cutting-edge integrated cyber risk management platform that gives organizations unparalleled understanding of their cyber risk and compliance.

The ATOM Group

The ATOM Group

ATOM builds and secures technology for regulated industries. We design and build for a future we can all trust.

Digital Edge

Digital Edge

Digital Edge provides unparalleled Managed Cloud Solutions, as well as superior Information Technology Support Services.

Serbus

Serbus

Serbus Secure is a fully managed suite of secure communication, enterprise mobility and mobile device security tools.

Elba

Elba

Employee security needs to be reinvented. SaaS security needs to involve end-user and awareness needs to be actionable. Meet elba, the 5-in-one cybersecurity hub with no compromises.

SIEM Xpert

SIEM Xpert

SIEM Xpert is a leader in Cyber Security Trainings and services since 2015.

CloudCoCo

CloudCoCo

CloudCoCo help UK businesses of all sizes and industries succeed by providing enterprise-grade technology at small-business prices.

Fescaro

Fescaro

FESCARO is a trusted cybersecurity partner for global automakers and their partners, helping them transition to software-defined vehicles (SDVs) with tailored automotive software solutions.

Virtual IT Group (VITG)

Virtual IT Group (VITG)

VITG is a cyber security-focused Managed Service Provider (MSP).

e-Safer

e-Safer

e-Safer's mission is to provide solutions and services that ensure a safer digital environment.

Fernao Group

Fernao Group

Fernao offer you all solutions from a single source - from cyber security, business resilience and digital infrastructure to cloud technologies and pentesting.