Ghostwriter (hacker group)
Formation | c. 2016 |
---|---|
Type | Minsk, Belarus[1] |
Region | Belarus |
Methods | phishing |
Affiliations | Armed Forces of Belarus[1] |
Ghostwriter, also known as UNC1151 and Storm-0257 by Microsoft,[2] is a hacker group allegedly originating from Belarus. According to the cybersecurity firm Mandiant, the group has spread disinformation critical of NATO since at least 2016.[3]
History
The name Ghostwriter comes from the group's first attacks, whereby they would steal credentials of journalists or publishers and publish fake articles using those credentials. Hence, the group effectively became unwanted
The European Union has blamed this group for hacking German government officials.
EU's foreign policy chef Josep Borrell has threatened Russia for sanctions.[6]
According to Serhiy Demedyuk, deputy secretary of the national security and defense council of Ukraine, the group was responsible for defacement of Ukrainian government websites in January 2022.[7]
In February 2022
Characteristics and techniques
The group has executed
References
- ^ a b Satter, Raphael (2022-02-25). "Ukraine says its military is being targeted by Belarusian hackers". Reuters. Retrieved 2022-03-07.
- ^ "How Microsoft names threat actors". Microsoft. Retrieved 21 January 2024.
- ^ "Ghostwriter Update: Cyber Espionage Group UNC1151 Likely Conducts Ghostwriter Influence Activity | Mandiant". www.mandiant.com. Retrieved 2022-03-02.
- ^ "'Ghostwriter' Influence Campaign" (PDF). FireEye. Retrieved 5 March 2022.
- ^ "DebUNCing Attribution: How Mandiant Tracks Uncategorized Threat Actors | Mandiant". www.mandiant.com. Retrieved 2022-03-07.
- ^ "EU threatens sanctions on Russia over 'malicious cyber activities'". euronews. 2021-09-24. Retrieved 2021-09-24.
- ^ a b Polityuk, Pavel (2022-01-16). "EXCLUSIVE Ukraine suspects group linked to Belarus intelligence over cyberattack". Reuters. Retrieved 2022-03-07.
- ^ a b c Corfield, Gareth (2022-02-25). "Ukraine seeks volunteers to defend networks as Russian troops menace Kyiv". The Register. Retrieved 2022-02-26.
- ISSN 1059-1028. Retrieved 2022-03-02.