The Ghostwriter Advanced Persistent Threat (APT) group has targeted Ukrainian government and Belarusian opposition groups since 2024, using sophisticated cyber-espionage methods. The group delivers its malware payloads through weaponized Excel files containing malicious macros. Ghostwriter, linked to Belarus’s government, sends phishing emails that lure victims into enabling macros, which eventually leads to the deployment of a downloader malware variant known as PicassoLoader. Specific tactics include creating decoy Excel files and verifying client profiles to ensure that only intended victims receive harmful payloads.

GrassCall malware campaign drains crypto wallets via fake job interviews
A Russian-speaking cybercrime group called Crazy Evil tricked job seekers in the Web3 space into downloading information-stealing malware through a fake “GrassCall” meeting app. The