The Belarus-linked APT group GhostWriter targeted Ukrainian governmental organizations with PicassoLoader malware, distributing documents with malicious macros. These documents, which pertained to taxation and financial-economic metrics, were aimed at project office specialists and local government employees. This strategy suggests the intent was cyber espionage against the Ukrainian government. Mandiant has linked GhostWriter, which is known for disinformation and compromises of news website CMSs, to Belarus. The campaign impacted Ukraine's internal governance and could potentially affect Eastern European regional stability.
Source: https://securityaffairs.com/166265/intelligence/belarus-apt-ghostwriter-targeted-ukraine.html
TPRM report: https://scoringcyber.rankiteo.com/company/cert-ua
"id": "cer006080624",
"linkid": "cert-ua",
"type": "Cyber Attack",
"date": "7/2024",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of geographical region"
{'affected_entities': [{'industry': 'Public Sector',
'location': 'Ukraine',
'name': 'Ukrainian Governmental Organizations',
'type': 'Government'}],
'attack_vector': ['Malicious Documents', 'Malicious Macros'],
'impact': {'operational_impact': ['Internal Governance',
'Regional Stability']},
'initial_access_broker': {'high_value_targets': ['Project Office Specialists',
'Local Government '
'Employees']},
'motivation': 'Cyber Espionage',
'references': [{'source': 'Mandiant'}],
'threat_actor': 'GhostWriter APT Group',
'title': 'GhostWriter APT Group Targets Ukrainian Government with '
'PicassoLoader Malware',
'type': 'Cyber Espionage'}