Ukraine security agencies warn of Ghostwriter threat activity, phishing campaigns
Ukraine’s Computer Emergency Response Team (CERT-UA) has warned of continuing phishing and Ghostwriter activities targeting Ukrainian organizations. According to the team, Ghostwriter is primarily focusing on targets in Belarus, Russia, Poland, and Ukraine and is believed to be of Belarusian origin. According to CERT-UA, Ghostwriter’s members are officers of the Ministry of Defense of the Republic of Belarus. The threat actor has also been tracked by cybersecurity firm Mandiant, who says that the Belarus government has been tied to the activities of the cyber attackers.
In addition, the European Council has previously accused Russia of playing a role in Ghostwriter campaigns. Ghostwriter’s past activities include promoting anti-NATO material via misinformation networks, website hijacking, spoofing, and targeting Belarusian media outlets and individuals ahead of the 2020 election. CERT-UA says that attacks perpetrated by Ghostwriters have been recorded against employees of the National Academy of Sciences Belarus, Voice of the Motherland newspaper, the World Association of Belarusians, Belarusian Music Festival, and additional media organizations. The agency also warned that the threat actor is leveraging an active phishing domain to conduct attacks.