*NEW REPORT*: Today our Information Operations analysis, Cyber Espionage, and Mandiant Research teams released a new report on the #Ghostwriter influence campaign. We highlight two important updates in our understanding of this activity:
fireeye.com/blog/threat-re…
First, we note the expansion of Ghostwriter targeting and TTPs, detailing a number of incidents in which the legitimate social media accounts of Polish politicians were compromised and used to publish fabrications seemingly intended to undermine domestic Polish politics.
This domestic Polish focus, primarily targeting members of parties in the ruling United Right political coalition, is a notable expansion of focus beyond the typical anti-NATO narratives - which we still also continue to see - that we documented in our original 2020 public report.
Second, we now assess with high confidence that UNC1151, a suspected state-sponsored cyber espionage actor that engages in credential harvesting and malware campaigns, conducts at least some components of the Ghostwriter influence activity.
However, current intelligence gaps pertaining to some aspects of Ghostwriter, notably website compromises and the operation of false personas we have previously documented, mean we cannot conclusively attribute all aspects of the Ghostwriter campaign to UNC1151 at this time.
We do not associate UNC1151 with any previously tracked threat groups, and in the report provide detailed analysis of the group's credential harvesting and malware activity, including a very detailed tech annex with indicators (appendix 3).
What might fly a little under the radar, but that I think is particularly valuable, is appendix 1 of the report, which documents every incident we have investigated and assess to have been part of the Ghostwriter campaign. We hope this can be a useful repository of GW cases.
Lastly, thank you to the amazing Mandiant Intel team for all their fantastic investigative work over the past year that made this report possible. @RiddellSam, @aldenwahlstrom, David Mainor, @gabby_roncone, @bread08, Lindsay Smith, and the Mandiant Research team!
