Belarusian hackers target Ukraine’s Ministry of Defence in new espionage campaign
05-June-24
Belarusian state-sponsored hackers, identified as Ghostwriter, have targeted Ukraine’s Ministry of Defence and a military base in a recent cyberespionage campaign, sending phishing emails containing malicious drone image files and Excel spreadsheets. Discovered by cybersecurity firm Cyble in April, the attack used VBA Macros within the documents to deploy malicious payloads, potentially including AgentTesla, Cobalt Strike beacons, and njRAT. Ghostwriter, active since at least 2017, has a history of targeting Ukraine and neighboring countries, primarily aiming to steal information and gain remote system access. Concurrently, Ukraine’s CERT-UA reported additional cyberattacks using DarkCrystal malware, delivered via the Signal app by hackers posing as known contacts, indicating a rise in sophisticated and persistent threats against Ukrainian military and critical infrastructure.
