Belarusian hackers in the shadows: a cyber war is being waged against state institutions

Carding

Attackers steal confidential information and establish permanent remote access to computer systems.

A new hacker group, UNC1151, has stepped up its activities, launching a series of cyber attacks on government agencies, military institutions, and ordinary users in Ukraine and Poland.

According to the latest Cisco Talos report, the group's malicious activities began in April 2022 and continue to this day. The main goal of attackers is to steal confidential information and establish permanent remote access to computer systems.

The Ukrainian service CERT-UA (Computer Emergency Response Team) links the cyberattacks to the UNC1151 group and its campaign called GhostWriter, allegedly linked to the Belarusian government, as reported by Cisco Talos.

The methods used in attacks are a complex multi-stage chain of infection. It is initialized by malicious Excel and PowerPoint documents that contain hidden executable file loaders and malicious programs embedded in images, which makes them difficult to detect.


Attack chain: a decoy encourages the user to activate macros that infect the system

The main target of cyber attacks are state and military institutions in Ukraine and Poland. Hackers use social engineering techniques to disguise their actions as authentic images and texts.

The goal of social engineering is to convince victims to activate macros, which allows attackers to start a chain of malicious actions. According to reports, Ukrainian and Polish businesses, as well as ordinary users, fell victim to these campaigns when they opened Excel spreadsheets that mimic VAT refund forms.

Analysis of the attacks revealed the use of various malicious programs by hackers, including the AgentTesla RAT Trojan, Cobalt Strike and njRAT beacons. Malware attacks allow attackers to steal information and gain remote control over compromised systems.

To minimize the risk of cyberattacks, Cisco Talos strongly recommends taking comprehensive security measures. In its report, the company also provided a complete list of indicators of compromise (IoC) associated with these threats.

In April, the Polish Ministry of National Defense reported on a recent disinformation campaign called Ghostwriter, which was linked to the allegedly Belarusian hacker group UNC1151.

Initially, the Ghostwriter campaign was directed against Poland, Lithuania and Latvia, as well as Ukraine. According to experts, hackers left obvious digital traces. Then Mandiant experts linked this campaign to UNC1151. UNC1151 also attacked a number of Belarusian media outlets and several representatives of the political opposition in Belarus a year before the 2020 elections. In several cases, individuals attacked by UNC1151 before the 2020 Belarusian elections were subsequently arrested by the Belarusian authorities.
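As an added, defender-side example (not from the post above or the Cisco Talos report): a Python check that flags the two traits of the attack chain described here, a macro-enabled OOXML document and an embedded image with data appended past its end marker. The sample document it scans is constructed inline; the file layout and sizes are assumptions, not IoCs from the report.

```python
import io
import struct
import zipfile
import zlib

def _png_chunk(tag, data):
    body = tag + data
    return struct.pack(">I", len(data)) + body + struct.pack(">I", zlib.crc32(body) & 0xFFFFFFFF)

def _tiny_png():
    """Minimal valid 1x1 RGB PNG, used only to build the constructed sample."""
    ihdr = _png_chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0))
    idat = _png_chunk(b"IDAT", zlib.compress(b"\x00\x00\x00\x00"))
    return b"\x89PNG\r\n\x1a\n" + ihdr + idat + _png_chunk(b"IEND", b"")

def image_trailing_bytes(data):
    """Bytes following the image's end marker (0 if the image ends where it should)."""
    if data.startswith(b"\x89PNG"):
        end = data.find(b"IEND")            # IEND tag (4 bytes) is followed by a 4-byte CRC
        return len(data) - (end + 8) if end != -1 else 0
    if data.startswith(b"\xff\xd8"):
        end = data.rfind(b"\xff\xd9")       # heuristic: tolerates EXIF thumbnails, misses FFD9 inside a payload
        return len(data) - (end + 2) if end != -1 else 0
    return 0

def scan_office_file(blob):
    """Scan an OOXML (zip-based) document for VBA storage and images carrying extra data."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for name in zf.namelist():
            low = name.lower()
            if low.endswith("vbaproject.bin"):
                findings.append(("vba_macro", name, zf.getinfo(name).file_size))
            elif "/media/" in low:
                extra = image_trailing_bytes(zf.read(name))
                if extra:
                    findings.append(("image_trailing_data", name, extra))
    return findings

def build_sample(with_macro, trailing):
    """Constructed sample: a bare workbook-style zip, not a real malicious document."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("xl/workbook.xml", "<workbook/>")
        if with_macro:
            zf.writestr("xl/vbaProject.bin", b"\xd0\xcf\x11\xe0" + b"\x00" * 64)  # fake OLE header
        zf.writestr("xl/media/image1.png", _tiny_png() + trailing)
    return buf.getvalue()

if __name__ == "__main__":
    for hit in scan_office_file(build_sample(True, b"MZ" + b"\x90" * 100)):
        print(hit)
```

A clean spreadsheet yields no findings; the constructed sample reports both the macro container and 102 bytes hanging off the PNG, which is the cue to detonate the file in a sandbox rather than open it.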