Excel-ent Espionage: Belarusian Hackers Unleash Malware in New Cyber Campaign Targeting Ukraine
Belarusian opposition activists and Ukrainian military organizations are under digital siege from Ghostwriter, a Belarus-aligned threat actor. Using malware-laced Excel files, Ghostwriter is channeling PicassoLoader to unleash a cyber blitz. So, next time you open Excel, remember: those formulas might just be more than a sum of cells!

Hot Take:
Looks like the Ghostwriter threat actor is back with a vengeance, and this time, it’s armed with a bunch of malicious Excel files that are scarier than your last tax audit. Belarusian and Ukrainian targets are being lured in with these ‘spreadsheet-of-doom’ tactics that make Excel’s infamous #REF! errors look like child’s play. It’s like the cyber equivalent of handing someone a piñata filled with bees. So, if you’re in the business of opening random Excel files from suspicious sources, it might be time to rethink your career choices.

Key Points:
- Ghostwriter, a Belarus-aligned threat actor, is targeting Belarusian activists and Ukrainian organizations.
- The attack involves malware-laden Excel documents that deliver a new variant of PicassoLoader.
- The operation has been active since late 2024, according to SentinelOne.
- The attack chain starts with a Google Drive link leading to a RAR archive.
- Techniques include using macros, steganography, and Excel files to deliver additional malware payloads.
