'FrostyNeighbor' APT Carefully Targets Govt Orgs in Poland, Ukraine

ID: 39fa64af-ed61-5392-999b-d84c3e4d4f99

STIX ID: report--39fa64af-ed61-5392-999b-d84c3e4d4f99

Feed Name: Dark Reading

Threat Score: 78/100

Date Published: 2026-05-14

Date Updated: 2026-05-14

Author: Elizabeth Montalbano

ESET and Dark Reading detail a targeted FrostyNeighbor (Ghostwriter/UNC1151) espionage campaign, running since March, that uses spear-phishing PDFs pointing to attacker infrastructure. A JavaScript PicassoLoader fingerprints victims and, for selected Ukrainian/Polish targets, stages a JavaScript dropper that deploys Cobalt Strike. The actors perform server-side victim validation and manual selection to avoid non-targets. The report highlights evolving TTPs, IoCs, and mitigation guidance for government and military organizations in Eastern Europe.