SYMBOL | COMMON_NAME | aka. SYNONYMS |
Ghostwriter is referred as an 'activity set', with various incidents tied together by overlapping behavioral characteristics and personas, rather than as an actor or group in itself.
2023-02-16 ⋅ Google ⋅ Fog of war: how the Ukraine conflict transformed the cyber threat landscape APT28 Ghostwriter SaintBear Sandworm Turla |
2022-07-20 ⋅ Mandiant ⋅ Evacuation and Humanitarian Documents used to Spear Phish Ukrainian Entities Cobalt Strike GraphSteel GrimPlant MicroBackdoor |
2022-07-20 ⋅ U.S. Cyber Command ⋅ Cyber National Mission Force discloses IOCs from Ukrainian networks Cobalt Strike GraphSteel GrimPlant MicroBackdoor |
2022-07-19 ⋅ Google ⋅ Continued cyber activity in Eastern Europe observed by TAG CyberAzov APT28 Callisto Ghostwriter Sandworm Turla |
2022-04-29 ⋅ AttackIQ ⋅ Attack Graph Response to UNC1151 Continued Targeting of Ukraine MicroBackdoor |
2022-04-07 ⋅ InQuest ⋅ Ukraine CyberWar Overview CyclopsBlink Cobalt Strike GraphSteel GrimPlant HermeticWiper HermeticWizard MicroBackdoor PartyTicket Saint Bot Scieron WhisperGate |
2022-03-25 ⋅ GOV.UA ⋅ Who is behind the Cyberattacks on Ukraine's Critical Information Infrastructure: Statistics for March 15-22 Xloader Agent Tesla CaddyWiper Cobalt Strike DoubleZero GraphSteel GrimPlant HeaderTip HermeticWiper IsaacWiper MicroBackdoor Pandora RAT |
2022-03-14 ⋅ Qianxin ⋅ Analysis Of Attack Activities Of Suspected APT Organization UNC1151 Against Ukraine And Other Countries MicroBackdoor |
2022-03-08 ⋅ Cluster25 ⋅ GhostWriter / UNC1151 adopts MicroBackdoor Variants in Cyber Operations against Ukraine MicroBackdoor |
2022-03-07 ⋅ Cert-UA ⋅ UAC-0051 (UNC1151) Cyberattack on Ukrainian State Organizations Using MicroBackdoor Malware (CERT-UA#4109) MicroBackdoor |
2022-02-28 ⋅ Bleeping Computer ⋅ Meta: Ukrainian officials, military targeted by Ghostwriter hackers Ghostwriter |
2022-02-28 ⋅ Bleeping Computer ⋅ Meta: Ukrainian officials, military targeted by Ghostwriter hackers Ghostwriter |
2021-11-16 ⋅ Mandiant ⋅ UNC1151 Assessed with High Confidence to have Links to Belarus, Ghostwriter Campaign Aligned with Belarusian Government Interests Ghostwriter |
2021-05-04 ⋅ Cr4sh / MicroBackdoor : Small and convenient C2 tool for Windows targets MicroBackdoor |
2021-03-31 ⋅ Twitter (@hatr) ⋅ Tweet on Ghostwriter Ghostwriter |
2020-07-29 ⋅ FireEye ⋅ 'Ghostwriter' Influence Campaign: Unknown Actors Leverage Website Compromises and Fabricated Content to Push Narratives Aligned With Russian Security Interests Ghostwriter |