The Belarus-linked APT group GhostWriter targeted Ukrainian governmental organizations with PicassoLoader malware, distributing documents with malicious macros. These documents, which pertained to taxation and financial-economic metrics, were aimed at project office specialists and local government employees. This strategy suggests an intention for cyber espionage against the Ukrainian government. Mandiant linked GhostWriter to Belarus, known for disinformation and news website CMS compromises. The campaign impacted both Ukraine's internal governance and could potentially affect Eastern European regional stability.
Source: https://securityaffairs.com/166265/intelligence/belarus-apt-ghostwriter-targeted-ukraine.html
"id": "cer006080624",
"linkid": "cert-ua",
"type": "Cyber Attack",
"date": "7/2024",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of geographical region"