

Excel-lerating cyberattacks. [Research Saturday]
Mar 22, 2025
Tom Hegel, Principal Threat Researcher at SentinelLabs, delves into the alarming tactics of the Ghostwriter cyber group targeting Ukraine and Belarus. He reveals how weaponized Excel documents are exploited in sophisticated malware attacks. The discussion highlights new obfuscation techniques and the strategic targeting of political opposition during wartime. Hegel emphasizes the importance of understanding basic cyber threats and fortifying defenses against relentless and clever attacks that can compromise even well-guarded systems.
AI Snips
Ghostwriter's Shift in Focus
- Ghostwriter, active for nearly a decade, gained attention due to actions in Ukraine.
- Their focus shifted to Belarusian political opposition during the presidential election.
Ghostwriter's Targets and Motives
- Ghostwriter targets Ukrainian and Belarusian entities due to Belarusian government ties and potential Russian collaboration.
- They aim to gather intelligence on Ukrainian operations and spread propaganda against Belarusian opposition.
Ghostwriter's Attack Techniques
- Ghostwriter uses phishing emails with links to malicious Excel spreadsheets containing obfuscated VBA macros.
- These macros create DLL files that download malware, granting persistent access to targeted devices.