> TritonInfoSec News
Home / May 15, 2026 / Story
0
#8 The Hacker News general May 14, 2026 at 14:00 UTC

Ghostwriter Targets Ukrainian Government With Geofenced PDF Phishing, Cobalt Strike

By [email protected] (The Hacker News)

AI Summary

Belarus-aligned APT Ghostwriter (also tracked as FrostyNeighbor, Storm-0257, TA445) is conducting geofenced PDF phishing campaigns against Ukrainian governmental organizations, delivering Cobalt Strike as the post-exploitation payload. The group uses victim fingerprinting before payload delivery, a tactic that complicates sandbox analysis, and has been active since at least 2016 targeting Ukraine and neighboring countries.

Read full article → https://thehackernews.com/2026/05/ghostwriter-targ…

Relevance score: 79.0/100

# More from May 15

  1. 1
    Cisco warns of new critical SD-WAN flaw exploited in zero-day attacks BleepingComputer
  2. 2
    OpenAI confirms security breach in TanStack supply chain attack BleepingComputer
  3. 3
    18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE The Hacker News
  4. 4
    Windows 11 and Microsoft Edge hacked at Pwn2Own Berlin 2026 BleepingComputer
  5. 5
    Major tech manufacturer Foxconn confirms cyberattack hit North American factories CyberScoop
  6. 6
    New Fragnesia Linux flaw lets attackers gain root privileges BleepingComputer
  7. 7
    Windows Zero-Days Expose BitLocker Bypasses And CTFMON Privilege Escalation The Hacker News
  8. 9
    Stealer Backdoor Found in 3 Node-IPC Versions Targeting Developer Secrets The Hacker News
  9. 10
    Microsoft's MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday The Hacker News