Ghostwriter (hacker Group)

Ghostwriter, also known as UNC1151, is a hacker group allegedly originating from Belarus. According to the cybersecurity firm Mandiant, the group has spread disinformation critical of NATO since at least 2016.


History

The name Ghostwriter comes from the group's first attacks, in which they would steal the credentials of journalists or publishers and publish fake articles using those credentials. Hence, the group effectively became unwanted ghostwriters for those with stolen credentials. UNC1151 is an internal name given by Mandiant to uncategorized groups of "cyber intrusion activity." The European Union has blamed this group for hacking German government officials. The EU's foreign policy chief Josep Borrell has threatened Russia with sanctions. According to Serhiy Demedyuk, deputy secretary of the National Security and Defense Council of Ukraine, the group was responsible for the defacement of Ukrainian government websites in January 2022. In February 2022, The Register reported that a Ukrainian CERT had announced that the group was targeting "private ‘i.ua’ and ‘meta.ua’ mail accounts of Ukrainian military personnel and related individuals" as part of a phishing attack during the invasion of Ukraine. Mandiant said that two domains mentioned by the CERT, ''i a-passport pace'' and ''id igmir pace'', were known command and control domains of the group. Mandiant also said "We are able to tie the infrastructure reported by CERT.UA to UNC1151, but have not seen the phishing messages directly. However, UNC1151 has targeted Ukraine and especially its military extensively over the past two years, so this activity matches their historical pattern."


Characteristics and techniques

The group has executed spear-phishing campaigns against members of the legitimate press to infiltrate the content management systems of those organizations. The group then uses those systems to publish its own fake stories.

