Excel-ent Espionage: Belarusian Hackers Unleash Malware in New Cyber Campaign Targeting Ukraine

Belarusian opposition activists and Ukrainian military organizations are under digital siege from Ghostwriter, a Belarus-aligned threat actor. Using malware-laced Excel files, Ghostwriter is channeling PicassoLoader to unleash a cyber blitz. So, next time you open Excel, remember: those formulas might just be more than a sum of cells!

Hot Take:

Looks like the Ghostwriter threat actor is back with a vengeance, and this time, it’s armed with a bunch of malicious Excel files that are scarier than your last tax audit. Belarusian and Ukrainian targets are being lured in with these ‘spreadsheet-of-doom’ tactics that make Excel’s infamous #REF! errors look like child’s play. It’s like the cyber equivalent of handing someone a piñata filled with bees. So, if you’re in the business of opening random Excel files from suspicious sources, it might be time to rethink your career choices.

Key Points:

  • Ghostwriter, a Belarus-aligned threat actor, is targeting Belarusian activists and Ukrainian organizations.
  • The attack involves malware-laden Excel documents that deliver a new variant of PicassoLoader.
  • The operation has been active since late 2024, according to SentinelOne.
  • The attack chain starts with a Google Drive link leading to a RAR archive.
  • Techniques include using macros, steganography, and Excel files to deliver additional malware payloads.
