Ghostwriter Targets Ukraine Government Entities with Prometheus Phishing Malware
The Belarus-aligned threat actor Ghostwriter (aka UAC-0057 and UNC1151) has been observed targeting Ukrainian government organizations with phishing emails that impersonate Prometheus, a Ukrainian online learning platform. According to the Computer Emergency Response Team of Ukraine (CERT-UA), the campaign involves sending emails with Prometheus-themed lures to government entities. The goal is to deliver malware, likely to compromise systems and steal sensitive information. Ghostwriter has a history of conducting cyber espionage and influence operations aligned with Belarusian interests. This latest activity underscores the ongoing cyber threats to Ukraine's government infrastructure amid the conflict with Russia. CERT-UA has issued warnings and recommendations for organizations to enhance their defenses against such phishing attacks.
Developers in government or critical infrastructure must bolster phishing defenses against state-aligned threat actors.