Ghostwriter Archives - Security Affairs

Pierluigi Paganini February 26, 2025

New Ghostwriter campaign targets Ukrainian Government and opposition activists in Belarus

A Ghostwriter campaign using a new variant of PicassoLoader targets opposition activists in Belarus, and Ukrainian military and government organizations. SentinelLABS observed a new Ghostwriter campaign targeting Belarusian opposition activists and Ukrainian military and government entities with a new variant of PicassoLoader. The campaign has been active since late 2024, threat actors used weaponized Microsoft […]

Pierluigi Paganini July 29, 2024

Belarus-linked APT Ghostwriter targeted Ukraine with PicassoLoader malware

Belarus-linked APT group GhostWriter targeted Ukrainian organizations with a malware family known as PicassoLoader, used to deliver various malicious payloads. The Ukrainian Government’s Computer Emergency Response Team (CERT-UA) reported a surge in activity associated with the APT group UAC-0057 (aka GhostWriter) group between July 12 and 18, 2024. Threat actors distributed documents containing macros designed […]

Pierluigi Paganini April 10, 2022

Facebook blocked Russia and Belarus threat actors’ activity against Ukraine

Facebook/Meta said Russia-linked threat actors are attempting to use the social network against Ukraine with hate speech, bullying, and fake news. Facebook/Meta revealed that Russia-linked threat actors are attempting to weaponize the social network to target Ukraine. The company blocked about 200 accounts operated from Russia that were used to falsely report people for various […]

Pierluigi Paganini March 28, 2022

GhostWriter APT targets state entities of Ukraine with Cobalt Strike Beacon

Ukraine CERT-UA warns that the Belarus-linked GhostWriter APT group is targeting state entities of Ukraine with Cobalt Strike Beacon. Ukraine CERT-UA uncovered a spear-phishing campaign conducted by Belarus-linked GhostWriter APT group targeting Ukrainian state entities with Cobalt Strike Beacon. The phishing messages use a RAR-archive named “Saboteurs.rar”, which contains RAR-archive “Saboteurs 21.03.rar.” This second archive […]

Pierluigi Paganini March 08, 2022

Google TAG: Russia, Belarus-linked APTs targeted Ukraine

Google TAG observed Russian, Belarusian, and Chinese threat actors targeting Ukraine and European government and military orgs. Google Threat Analysis Group (TAG), which focuses on the analysis of nation-state threat actors, revealed to have blocked attacks against hundreds of Ukrainians conducted by Belarus and Russian state-sponsored hackers. The attacks have been attributed to the Russia-linked […]

Pierluigi Paganini March 02, 2022

Asylum Ambuscade spear-phishing campaign targets EU countries aiding Ukrainian refugees

A spear-phishing campaign, tracked as Asylum Ambuscade, targets European government personnel aiding Ukrainian refugees. Researchers from cybersecurity firm Proofpoint uncovered a spear-phishing campaign, likely conducted by a nation-state actor, that compromised a Ukrainian armed service member’s email account to target European government personnel involved in managing the logistics of refugees fleeing Ukraine. The phishing messages […]

Pierluigi Paganini November 17, 2021

Mandiant links Ghostwriter operations to Belarus

Security researchers at the Mandiant Threat Intelligence team believe that Ghostwriter APT group is linked to the government of Belarus. Mandiant Threat Intelligence researchers believe that the Ghostwriter disinformation campaign (aka UNC1151) was linked to the government of Belarus. In August 2020, security experts from FireEye uncovered a disinformation campaign aimed at discrediting NATO by […]

Pierluigi Paganini September 25, 2021

European Union formally blames Russia for the GhostWriter operation

European Union representatives formally accused Russia of attempting to target the elections and political systems of several EU states. European Union has formally accused Russia of meddling in the elections and political systems of several EU states. EU high representative said that Russia-linked threat actors were behind a recent operation tracked as Ghostwriter. The officials […]

Pierluigi Paganini March 26, 2021

German Parliament Bundestag targeted again by Russia-linked hackers

Several members of the German Parliament (Bundestag) and other members of the state parliament were hit by a targeted attack allegedly launched by Russia-linked hackers. German newspaper Der Spiegel revealed that email accounts of multiple members of the German Parliament (Bundestag) were targeted with a spearphishing attack. The messages were sent by threat actors to […]

Pierluigi Paganini August 03, 2020

Ghostwriter disinformation campaign aimed at discrediting NATO

Researchers uncovered a disinformation campaign aimed at discrediting NATO via fake news content distributed through compromised news websites. Security experts from FireEye have uncovered a disinformation campaign aimed at discrediting NATO by spreading fake news content on compromised news websites. “The operations have primarily targeted audiences in Lithuania, Latvia, and Poland with anti-North Atlantic Treaty […]

Ghostwriter

New Ghostwriter campaign targets Ukrainian Government and opposition activists in Belarus

Belarus-linked APT Ghostwriter targeted Ukraine with PicassoLoader malware

Facebook blocked Russia and Belarus threat actors’ activity against Ukraine

GhostWriter APT targets state entities of Ukraine with Cobalt Strike Beacon

Google TAG: Russia, Belarus-linked APTs targeted Ukraine

Asylum Ambuscade spear-phishing campaign targets EU countries aiding Ukrainian refugees

Mandiant links Ghostwriter operations to Belarus

European Union formally blames Russia for the GhostWriter operation

German Parliament Bundestag targeted again by Russia-linked hackers

Ghostwriter disinformation campaign aimed at discrediting NATO

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

McLaren Health Care data breach impacted over 743,000 people

American steel giant Nucor confirms data breach in May attack

The financial impact of Marks & Spencer and Co-op cyberattacks could reach £440M

Iran-Linked Threat Actors Cyber Fattah Leak Visitors and Athletes' Data from Saudi Games

Qilin ransomware gang now offers a "Call Lawyer" feature to pressure victims

QUICK LINKS

Ghostwriter

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

Subscribe to my email list and stay
up-to-date!