Ukrainian orgs targeted with PicassoLoader malware - #Ghostwriter
The Ghostwriter hacking group, also known as UAC-0057 and linked to the Belarusian government, has been conducting a series of cyber campaigns targeting Ukrainian government entities, military organizations, and civilian users. The attacks, which have evolved in sophistication over the years, often begin with phishing emails containing malicious Microsoft Office documents that deploy malware like PicassoLoader, Cobalt Strike Beacon, AgentTesla, and njRAT. These malware strains are designed to steal sensitive information and gain persistent remote access to infected systems. The group has also targeted allies of Ukraine, such as Lithuania, Latvia, and Poland, and has exploited vulnerabilities like the WinRAR zero-day flaw CVE-2023-38831. The campaigns align with Russian and Belarusian strategic interests, indicating a potential collaboration between the two nations in cyber operations.