Ghostwriter | New Campaign Targets Ukrainian Government and Belarusian Opposition
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:
A new campaign attributed to the Ghostwriter threat actor has been observed targeting opposition activists in Belarus and Ukrainian military and government organizations. The operation, which began preparation in mid-2024 and entered an active phase in late 2024, employs weaponized Excel documents with malicious macros to deliver PicassoLoader variants and other payloads. The campaign uses lures related to Ukrainian military and government interests, as well as Belarusian opposition topics. Multiple stages of the attack chain involve obfuscated downloaders, decoy documents, and attempts to fetch additional payloads from command and control servers. The threat actor's tactics have evolved, showing adaptations to previous techniques and targeting both Ukrainian entities and Belarusian opposition groups.
OPENCTI LABELS:
cobalt strike, ukraine, uac-0057, confuserex, unc1151, picassoloader