Ukraine security agencies warn of Ghostwriter threat activity, phishing campaigns

The Computer Emergency Response Team for Ukraine (CERT-UA) has warned of ongoing phishing and Ghostwriter activities attacking organizations in the country. 

Ukraine Crisis

On February 26, CERT-UA said it continues to track the movements of UNC1151/Ghostwriter, which is currently attacking targets in Ukraine, Poland, Belarus, and Russia. 

Ghostwriter is believed to be of Belarusian origin. According to the security agency, its members are officers of the Ministry of Defence of the Republic of Belarus. 

Cybersecurity firm Mandiant has been tracking campaigns supported by UNC1151. In particular, the company says that “technical support” is provided to Ghostwriter campaigns and the Belarus government has been accused of being at least “partially responsible” for the activities of these cyberattackers. 

The European Council has previously accused Russia of having a part to play in Ghostwriter campaigns. 

Ghostwriter is said to align with Belarus state interests. Past activities have included promoting anti-NATO material through misinformation networks, spoofing, and website hijacking, as well as targeting Belarusian media outlets and individuals prior to the 2020 election. 

“Ghostwriter narratives, particularly those critical of neighboring governments, have been featured on Belarusian state television as fact,” Mandiant says. 

According to CERT-UA, Ghostwriter cyberattacks have been recorded against

Read More: