1. Threat Overview
Ghostwriter, a Belarus-aligned threat actor, targets Ukrainian government entities with phishing emails using compromised accounts and lures related to Prometheus, a Ukrainian online learning platform.
2. Key Intelligence Points
1. Ghostwriter uses phishing emails with lures related to Prometheus, a Ukrainian online learning platform.
2. The attack targets government organizations in Ukraine, exploiting compromised accounts.
3. The attack chain involves sending phishing emails to government entities.
4. Detection opportunity: monitoring for suspicious emails with Prometheus lures and compromised account activity.
3. MITRE ATT&CK Techniques
T1566.001 Spearphishing Attachment
4. Indicators of Compromise (IOCs) / Affected Systems
Prometheus
Ukraine government entities
compromised accounts
5. Mitigation & Detection
Implement email filtering and monitoring for suspicious emails with Prometheus lures, and ensure account security and access controls.