Summary: SentinelLABS has revealed a new Ghostwriter campaign targeting Ukrainian military and government entities, as well as Belarusian opposition activists, through weaponized Excel documents. This evolving threat utilizes advanced malware delivery methods and evasion techniques, marking a significant increase in the group’s operational capabilities. The campaign highlights the ongoing risks associated with state-sponsored cyber espionage amidst rising geopolitical tensions.
Affected: Ukrainian military and government entities; Belarusian opposition activists
Keypoints:
- The campaign uses weaponized Excel files disguised as political documents to deploy malware.
- Attacks follow a multi-stage infection process involving malicious macros and obfuscated DLLs.
- Advanced evasion techniques are employed, including memory-only execution and modified PE headers.
Source: https://securityonline.info/weaponized-excel-documents-ghostwriters-new-tool-of-cyber-espionage/