FrostyNeighbor Targets Ukrainian Government with Evolving Cyber Tactics
ID: 04e5baea-203b-5983-a365-172af58f102f
STIX ID: report--04e5baea-203b-5983-a365-172af58f102f
Feed Name: ThreatCluster
FrostyNeighbor, a Belarus-aligned APT active since at least 2016, has intensified spearphishing operations against Ukrainian government organizations. The campaigns use malicious PDFs that lead to a JavaScript variant of the PicassoLoader downloader, which is used to deploy Cobalt Strike. They impersonate Ukrtelecom and have leveraged CVE-2023-38831; ESET telemetry corroborates the activity.
