Back

Ghostwriter Group Resumes Targeted Cyber Attacks on Ukrainian Government

Severity: High (Score: 73.5)

Sources: Securityaffairs.Co, Thehackernews

Summary

The Ghostwriter group, also known as FrostyNeighbor, has resumed cyber attacks targeting Ukrainian government organizations as of March 2026. ESET researchers have documented this activity, which involves phishing attacks using geofenced PDF files and the deployment of Cobalt Strike malware. The campaign aims to compromise sensitive governmental systems, continuing a pattern of state-sponsored cyber operations against Ukraine. The specific impact on affected systems has not been detailed, but the ongoing nature of these attacks raises significant concerns for national security. As of May 2026, the campaign remains active, with ongoing efforts to mitigate the threats posed by these attacks. Key Points: • Ghostwriter group resumed attacks on Ukrainian government organizations in March 2026. • Phishing attacks utilize geofenced PDF files and Cobalt Strike malware. • The campaign represents a continuation of state-sponsored cyber operations against Ukraine.

Key Entities

  • FrostyNeighbor (apt_group)
  • Ghostwriter (campaign)
  • Phishing (attack_type)
  • Government (industry)
  • T1566.001 - Spearphishing Attachment (mitre_attack)
  • Cobalt Strike (malware)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed