FrostyNeighbor Cyberespionage Campaign Targets Ukrainian and Polish Governments
ID: 98e78bc3-2678-51d3-b85e-4b94603134df
STIX ID: report--98e78bc3-2678-51d3-b85e-4b94603134df
Feed Name: ThreatCluster
FrostyNeighbor, a Belarus-aligned APT, has been conducting a high-severity cyberespionage campaign since March 2026 against Ukrainian and Polish government organizations. The group uses spearphishing emails carrying malicious PDFs that impersonate Ukrtelecom to deliver a JavaScript variant of PicassoLoader; the loader stages Cobalt Strike and fingerprints victim systems so that payloads are delivered geo-selectively. The group also exploits vulnerabilities including CVE-2024 and CVE-2023-38831 to target military and governmental entities.
