Ukraine Targeted With Ghostwriter Phishing Campaign

Ukraine’s Computer Emergency Response Team (CERT-UA) has warned of continuing phishing and Ghostwriter activities targeting Ukrainian organisations. 

Security researchers have detected this phishing campaign is linked to a notorious disinformation threat group from Belarus, which is targeting European governments as they try to manage a wave of Ukrainian refugees.

Ghostwriter has previously been used against organisations in Poland as well as domestic targets in Belarus.  

According to CERT-UA, Ghostwriter’s members are officers of the Ministry of Defence of the Republic of Belarus. The threat actor has also been tracked by cyber security firm Mandiant, who say that the Belarus government has been tied to the activities of the  attackers. "Ghostwriter narratives, particularly those critical of neighbouring governments, have been featured on Belarusian state television as fact," according to Mandiant.  

Ghostwriter is particularly associated with Belarussian hacking group UNC1151. Their past activities include promoting anti-NATO material via misinformation networks, website hijacking, spoofing, and targeting Belarusian media outlets and individuals ahead of the 2020 election. 

CERT-UA says that attacks perpetrated by Ghostwriters have been recorded against employees of the National Academy of Sciences Belarus, Voice of the Motherland newspaper, the World Association of Belarusians and other media organizations. The agency has also warned that the threat actor is leveraging an active phishing domain to conduct attacks. “Some EU Member States have observed malicious cyber activities, collectively designated as Ghostwriter, and associated these with the Russian state... Such activities are unacceptable as they seek to threaten our integrity and security, democratic values and principles and the core functioning of our democracies,”

The European Council has previously accused Russia of playing a role in Ghostwriter campaigns. “These malicious cyber activities are targeting numerous members of Parliaments, government officials, politicians, and members of the press and civil society in the EU by accessing computer systems and personal accounts and stealing data... These activities are contrary to the norms of responsible State behaviour in cyberspace as endorsed by all UN Member States, and attempt to undermine our democratic institutions and processes, including by enabling disinformation and information manipulation,” the EU Council said in a statement.  

 EU Consilium:     Mandiant:     Proofpoint:      Oodaloop:     ZDNet:      Bleeping Computer:   

Infosecurity MagazineReuters

You Might Also Read: 

How Did Belarus Shut Down The Internet ?:

 

« Kaspersky Provokes Controversy
Update: The Online War In Ukraine »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Roka Security

Roka Security

Roka Security is a boutique security firm specializing in full-scale network protection, defending against advanced attacks, and rapid response to security incidents.

MetaCompliance

MetaCompliance

MetaCompliance is a cyber security and compliance organisation that helps transform your company culture and safeguard your data and values.

Konfidas

Konfidas

Konfidas provide high-level cybersecurity consulting and professional tailored solutions to meet specific cybersecurity operational needs.

ERNW

ERNW

ERNW is an independent IT Security service provider with a focus on consulting and testing in all areas of IT security.

FinlayJames

FinlayJames

FinlayJames supports cyber security companies to meet the increasing demand and pressure on them by finding top talent within the industry for their sales, marketing and technical teams.

Risk Ident

Risk Ident

RISK IDENT specializes in supporting enterprises in identifying and preventing criminal activity like payment fraud, account takeovers and identity theft.

European Healthcare Fraud & Corruption Network (EHFCN)

European Healthcare Fraud & Corruption Network (EHFCN)

EHFCN is the only organisation dedicated to combating fraud, corruption and waste in the healthcare sector across Europe.

Ustels

Ustels

Ustels provides brand protection strategy, intelligence, monitoring and enforcement services.

Microchip Technology

Microchip Technology

Microchip Technology Inc. is a leading provider of smart, connected and secure embedded control solutions.

ValueMentor

ValueMentor

ValueMentor is a leading cyber security service provider in the Middle East. We enable clients to reduce risk by taking a strategic approach to cybersecurity.

Policy Monitor

Policy Monitor

Policy Monitor is a cyber security company founded by experts with extensive experience in operational and risk management.

Protectt.ai Labs

Protectt.ai Labs

Protectt.ai Labs is India’s first mobile security start up building awareness & providing solutions for mobile app, device & transaction security.

CI-ISAC Australia

CI-ISAC Australia

CI-ISAC has been designed to support and promote existing legislation and Government initiatives that are working to uplift cyber resilience across critical infrastructure sectors.

Certcube Labs

Certcube Labs

Certcube Labs provide a broad range of services in the areas of Assessments, Development, Risk Advisory, Blockchain, Forensics Investigations, Managed Security Solutions, and IT Security Trainings.

Everfox

Everfox

Everfox (formerly Forcepoint Federal) has been defending the world's most critical data and networks against the most complex cyber threats imaginable for more than 25 years.

Nagomi Security

Nagomi Security

Nagomi is changing the way security teams balance risk and defense, empowering customers to focus on what matters now.