Ghostwriter targets Ukrainian government bodies with Prometheus-lured phishing

Colleagues, please note: a Ghostwriter campaign targeting Ukrainian public institutions has been detected. CERT-UA reports phishing emails from compromised accounts delivering a PDF linking to a ZIP; inside is JavaScript (OYSTERFRESH → OYSTERBLUES → OYSTERSHUCK) that harvests data and deploys a final module assessed as Cobalt Strike. CERT-UA recommends restricting wscript.exe execution for standard accounts and accounting for AI use and attackers’ intent for long-term persistence. Why it matters: the risk of data exfiltration and sustained network control is increasing. How will you respond to such campaigns? #cybersecurity #phishing #CERTUA #Ghostwriter


Latest comments
No comments yet.