UNC1151 Phishing Campaign Targets Belarus and Ukraine
ID: a7cebaf4-da6d-5430-98a4-c2eea5029b17
STIX ID: report--a7cebaf4-da6d-5430-98a4-c2eea5029b17
Feed Name: securityonline.info
A suspected UNC1151 (Ghostwriter/Frosty Neighbor) spear-phishing campaign is actively targeting Belarusian politicians and Ukrainian web portals by sending fake Google security alerts and hosting cloned login pages that capture credentials and relay them in real time (enabling MFA interception). Researchers identified hidden infrastructure behind CDNs and an exposed Polish IP via a misconfigured certificate, attributing the operation to a state-aligned threat actor conducting broad credential theft and political espionage.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
