Ghostwriter Group Resumes Targeted Cyber Attacks on Ukrainian Government

Ghostwriter Group Resumes Targeted Cyber Attacks on Ukrainian Government

First seen 15 May 2026, 11:58 UTC ThehackernewsSecurityaffairs.CoForo3D 77% similarity 73.5

Article Content

Browse articles
ThreatCluster

The Ghostwriter group, also known as FrostyNeighbor, has resumed cyber attacks targeting Ukrainian government organizations as of March 2026. ESET researchers have documented this activity, which involves phishing attacks using geofenced PDF files and the deployment of Cobalt Strike malware. The campaign aims to compromise sensitive governmental systems, continuing a pattern of state-sponsored cyber operations against Ukraine. The specific impact on affected systems has not been detailed, but the ongoing nature of these attacks raises significant concerns for national security. As of May 2026, the campaign remains active, with ongoing efforts to mitigate the threats posed by these attacks.

Key Points: • Ghostwriter group resumed attacks on Ukrainian government organizations in March 2026. • Phishing attacks utilize geofenced PDF files and Cobalt Strike malware. • The campaign represents a continuation of state-sponsored cyber operations against Ukraine.

ThreatCluster AI

Timeline

2026-03-01
Ghostwriter campaign resumes
The Ghostwriter group began a new series of attacks targeting Ukrainian government entities.
Securityaffairs.Co
2026-05-14
Phishing techniques detailed
The Hacker News reported on the use of geofenced PDF phishing and Cobalt Strike in the attacks.
Thehackernews
2026-05-15
ESET report published
ESET researchers released a report documenting the ongoing activities of the Ghostwriter group targeting Ukraine.
Securityaffairs.Co

Community

Browse all →