Ukraine's Computer Emergency Response Team (CERT-UA) has found that organizations across the country were targeted by the Belarus-linked advanced persistent threat operation GhostWriter, also known as UAC-0057, in attacks distributing the PicassoLoader malware, Security Affairs reports.
Intrusions conducted from July 12 to 18 used malicious documents associated with taxation, local government reform, and financial and economic measurements to spread PicassoLoader, eventually resulting in Cobalt Strike Beacon delivery, according to a report from CERT-UA.
"Based on this, it can be inferred that UAC-0057 might have targeted both project office specialists and their counterparts among the employees of relevant local government bodies in Ukraine," said CERT-UA.
This development comes four years after GhostWriter targeted organizations in Belarus prior to the 2020 elections, with Belarusian authorities later apprehending some of the opposition members impacted by the hacking operation.