FrostyNeighbor: Fresh mischief and digital shenanigans
ID: d14ab335-d68a-5260-b6ba-aa49caa91892
STIX ID: report--d14ab335-d68a-5260-b6ba-aa49caa91892
Feed Name: WeLiveSecurity (ESET Research)
FrostyNeighbor (aka Ghostwriter/UNC1151) conducted spearphishing campaigns in March 2026 against Ukrainian governmental targets. The campaigns used lure PDFs that fetch a JavaScript dropper and a JavaScript PicassoLoader downloader, which fingerprints victims and, after server-side (and likely manual) validation, delivers a Cobalt Strike beacon. The report includes technical analysis of the compromise chain, file and network IoCs, and mapped ATT&CK techniques.
