German Parliament members were targeted in an apparent spear-phishing attack recently. Nearly 40 federal and regional Parliament members were affected after their email accounts were accessed. After security personnel became aware of the attack, notifications were sent out to those that were affected. Early analysis from German security researchers gives them reason to believe a Russian threat group known as Ghostwriter is behind the attack. The group has been linked to numerous attacks that align with Russian cybercrime tactics since 2017. When describing the group, FireEye stated, “The Ghostwriter campaign leverages traditional cyber threat activity and information operations tactics to promote narratives intended to chip away at NATO’s cohesion and undermine local support for the organization in Lithuania, Latvia, and Poland.” At this time, the Parliament’s network has not been affected but it is unknown how Ghostwriter plans to move forward after the spear-phishing attack.
Written by: Nataliia Zdrok, Threat Intelligence Analyst at Binary Defense Russia’s invasion of Ukraine increased