Belarus-Linked UNC1151 Launches Gmail Phishing Campaign to Steal 2FA Codes
ID: 3ace23dc-f270-51d2-aaff-764146596481
STIX ID: report--3ace23dc-f270-51d2-aaff-764146596481
Feed Name: The Cyber Express
Threat Score
CERT Polska reports that UNC1151 (Ghostwriter), a Belarus-linked APT, has shifted from targeting Polish webmail providers to a high-volume Gmail phishing campaign that actively harvests passwords and two-factor authentication codes via convincing fake Gmail login pages, deceptive domains (e.g., .digital, .icu, Netlify subdomains) and compromised sites, targeting politicians, officials, journalists, researchers and their contacts.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
