Researchers have published new information about a malicious campaign targeting government agencies, military organizations and civilian entities in Ukraine and Poland.
From at least April 2022 until this month, hackers attempted to infiltrate victims’ devices to steal information and gain permanent remote access, according to a new report released by cybersecurity firm Cisco Talos.
The researchers did not disclose the extent of the impact of the attacks.
Cisco Talos noted that Ukraine’s computer emergency response team (CERT-UA) recently attributed the July incidents to the hacker group UNC1151, also known as GhostWriter, which has been linked to the Belarusian government.
CERT-UA’s report did not include information about attacks before July.
GhostWriter has targeted Ukrainian military personnel and Poland’s government services before. The group mostly carries out phishing operations that steal email login credentials, compromise websites and distribute malware.
In the campaign tracked by Cisco Talos, hackers used a multistage infection chain to get into their targets’ systems. First, they sent malicious Microsoft Office email attachments, mostly using Microsoft Excel and PowerPoint file formats, the researchers said.
Source: The Record