Cisco Talos has discovered a threat actor conducting several campaigns against government entities, military organizations and civilian users in Ukraine and Poland. Cisco Talos judge that these operations are very likely aimed at stealing information and gaining persistent remote access.
The activity Cisco Talos analyzed occurred as early as April 2022 and as recently as earlier this month, demonstrating the persistent nature of the threat actor. Ukraine’s Computer Emergency Response Team (CERT-UA) has attributed the July campaign to the threat actor group UNC1151, as a part of the GhostWriter operational activities allegedly linked to the Belarusian government.
Read more…
Source: Cisco Talos