Belarus-Linked Ghostwriter Uses Macropack-Obfuscated Excel Macros to Deploy Malware

AI Analysis

A new campaign has emerged, targeting opposition activists in Belarus as well as Ukrainian military and government organizations with malware-laced Microsoft Excel documents. The documents deliver a variant of the PicassoLoader malware, posing a significant threat to affected parties. This campaign is believed to be an extension of a long-running operation by a Belarus-aligned threat actor known as Ghostwriter. The use of seemingly innocuous documents as lures highlights the cunning and deceptive nature of cyberattacks. Experts warn that this campaign may be linked to state-sponsored activities, emphasizing the need for increased vigilance and cooperation between governments and private sector entities to mitigate the threat.

Key Points

  • The use of malware-laced Microsoft Excel documents as lures to deliver the PicassoLoader variant raises concerns about the sophistication and creativity of cyberattacks.
  • The inclusion of opposition activists in Belarus among the targets highlights the targeting of individuals and groups that speak out against oppressive regimes.
  • The attribution of the campaign to a Belarus-aligned threat actor, Ghostwriter, suggests a potential link to state-sponsored activities.

Original Article

Opposition activists in Belarus as well as Ukrainian military and government organizations are the target of a new campaign that employs malware-laced Microsoft Excel documents as lures to deliver a new variant of PicassoLoader. The threat cluster has been assessed to be an extension of a long-running campaign mounted by a Belarus-aligned threat actor dubbed Ghostwriter (aka Moonscape,
