Tag Archive for: Ghostwriter

EU officially blames Russia for ‘Ghostwriter’ hacking activities

/in


EU officially blames Russia for 'Ghostwriter' hacking activities

Image: Christian Lue

The European Union has officially linked Russia to a hacking operation known as Ghostwriter that targets high-profile EU officials, journalists, and the general public.

“These malicious cyber activities are targeting numerous members of Parliaments, government officials, politicians, and members of the press and civil society in the EU by accessing computer systems and personal accounts and stealing data,” European Council officials said in a press release today.

“Such activities are unacceptable as they seek to threaten our integrity and security, democratic values and principles and the core functioning of our democracies.”

The EU officials added that these hacking activities are in stark contrast to normal state behavior endorsed by all UN member states.

The attacks are also seen as clear attempts to undermine EU’s democratic institutions and processes, including but not limited to enabling disinformation and information manipulation.

Linked to Russia’s GRU military intelligence service

The Ghostwriter “malicious cyber activities” were also connected by Germany to the GRU military intelligence service earlier this month, with German Foreign Ministry spokeswoman Andrea Sasse saying that the German parliament was targeted at least three times this year.

Sasse’s statement came after German security authorities detected multiple attempts to steal personal login details of German lawmakers before the September 26 federal election, likely as part of a preparation effort for disinformation campaigns

“The German government has reliable information on the basis of which Ghostwriter activities can be attributed to cyber actors of the Russian state and, specifically, Russia’s GRU military intelligence service,” Sasse said.

In March, Germany also said that the Ghostwriter Russian military intelligence hacking group is the main suspect behind a spearphishing attack that targeted multiple Parliament members.

They are believed to have breached the email accounts of seven members of the German federal parliament (Bundestag) and 31 members of German regional parliaments.

“The European Union and its Member States strongly denounce these malicious cyber activities, which…

Source…

Ghostwriter update. Quds Day warning. Drivetime talk radio comes to the cyber battlespace? Secrecy as friction. Inadvertent tweets.

/in


At a glance.

  • Update on Ghostwriter.
  • Jerusalem Day alert.
  • Zoom prankers and deepfake goofs.
  • Secrecy as friction.
  • Inadvertent tweets.

Ghostwriter, and signs of a broader campaign.

FireEye’s Mandiant unit this morning updated its research into Ghostwriter, an influence-operator that came to attention last year as it sought to affect public opinion in Latvia, Lithuania, and Poland. Its messaging then was anti-NATO. The campaigns of 2020 relied upon artlessly crude forgeries and implausible rumor-mongering, but of course disinformation doesn’t need to be art, as long as it can get the right amplification, which Ghostwriter worked to accomplish. 

It was easy for officials to quickly debunk such hogwash as the claim that Canadian soldiers were spreading COVID-19, or that an internal memo circulating in the Polish Ministry of Defense called for resistance against an American “army of occupation” (forged memo helpfully provided, hijacked social media accounts used to lend plausibility to a very implausible narrative). CyberScoop offered a useful account of these efforts at the end of last July. But of course lies can have a bit of a run if they’re provided with a headstart.

In any case, Ghostwriter has now expanded its thematic content to include disruption of domestic Polish politics and also (according to Tagesschau) credential theft attacks on German political figures. FireEye believes the threat actor it tracks as UNC1151 operates some portions of Ghostwriter. The firm characterizes UNC1151 as “a suspected state-sponsored cyber espionage actor that engages in credential harvesting and malware campaigns.”

Taggeschau calls the attackers “chaos troops,” which is apt enough for an operation that aims at disruption. At least seven members of Germany’s Bundestag have received phishing emails, as have some thirty members of the Länder assemblies, that is, the state-level legislatures. German authorities are taking activity seriously. The Bundesamt für Verfassungsschutz (the BfV, the Federal Office for the Protection of the Constitution) und the Bundesamt für die Sicherheit in der Informationstechnik (the BSI, the Federal Officer for Information Security) are investigating, and have…

Source…