Belarus-Linked Ghostwriter Uses Macropack-Obfuscated Excel Macros to Deploy Malware
Briefly

A new cyber campaign attributed to the Ghostwriter threat group is targeting Belarusian activists and the Ukrainian military with malware-infected Microsoft Excel files. This Belarus-aligned actor has been active since 2016, supporting Russian security interests. The campaign, which began in late 2024, relies on social engineering: a Google Drive document leads to a malicious Excel workbook that installs a new variant of PicassoLoader. Steganographic techniques were also employed to download further malware disguised as innocuous images.
A campaign that uses malware-laced Excel documents to target the Belarusian opposition and the Ukrainian military illustrates ongoing cyber threats linked to state-sponsored actors.
Ghostwriter, a long-running Belarus-aligned threat actor, has intensified its operations since late 2024, employing sophisticated techniques to compromise software systems.
Read at The Hacker News