Targeting
Today in the space between war and peace…
- Cyber Threat Group Targets Ukrainian Notaries with Phishing Attacks to Access Government Registries
- Belarusian Cyber Threat Group GhostWriter Launches Cyber Espionage Campaign Targeting Opposition and Ukrainian Entities
- Lessons from Ukraine's Conflict: Implications for Taiwan and the Nordic-Baltic Region on Deterrence and Security
- Chinese Group Breaches Belgium's State Security Service
- Taiwan Condemns China's Naval Drills
- Podcast: Russia's Espionage Activities in the Arctic and Their Impact on NATO
Cyber Threat Group Targets Ukrainian Notaries with Phishing Attacks to Access Government Registries
From The Record: Ukraine’s Computer Emergency Response Team (CERT-UA) has identified a cyber threat group, UAC-0173, targeting notaries’ computers to gain unauthorized access to government registries. Since mid-January, these attackers have been sending phishing emails that mimic communications from regional offices of Ukraine’s Ministry of Justice. Upon breaching notaries' systems, they deploy DarkCrystal, a Russian backdoor malware, to conduct surveillance and steal data.
CERT-UA reports that affected machines span six regions, and some attacks have been thwarted before any unauthorized changes were made. The agency suspects that UAC-0173 may function as a hacker-for-hire group, receiving undisclosed financial support. This incident follows a December cyberattack linked to Russian military intelligence that disrupted Ukraine's state registries for weeks. While it remains unclear if the current threats are connected to the December breach, both incidents underscore ongoing cyber risks to Ukraine’s critical infrastructure.
Belarusian Cyber Threat Group GhostWriter Launches Cyber Espionage Campaign Targeting Opposition and Ukrainian Entities
From The Record: A suspected state-backed cyber threat group from Belarus, known as GhostWriter, has been conducting a cyber espionage campaign targeting opposition activists in Belarus and various Ukrainian military and government entities since mid-2024, according to SentinelOne. This marks the group's first documented attempt to target Belarusian opposition in relation to the January presidential election, during which President Alexander Lukashenko was re-elected for a seventh term.
In Ukraine, GhostWriter has distributed phishing documents disguised as plans for anti-corruption initiatives and military logistics, employing a modified version of PicassoLoader malware that is cost-effective and user-friendly. Despite Belarus not being directly involved in military actions in Ukraine, associated cyber actors are engaging in espionage to advance Belarusian governmental interests.
Lessons from Ukraine's Conflict: Implications for Taiwan and the Nordic-Baltic Region on Deterrence and Security
From the International Centre for Defence and Security (ICDS): Russia’s war in Ukraine provides important lessons on deterrence and hybrid warfare for Taiwan and the Nordic-Baltic region. The report highlights the role of societal readiness, as Ukraine’s civilian involvement in defense has been crucial for maintaining sovereignty.
In response to perceived threats from Russia, Nordic-Baltic countries are enhancing their military capabilities and strengthening alliances. Meanwhile, China is carefully studying the conflict to refine its own strategies regarding Taiwan, particularly in hybrid warfare and gray zone operations. The report advocates for a combination of military and civil defense measures to increase costs for potential aggressors and bolster national security.
Chinese Group Breaches Belgium's State Security Service
From Politico: A Chinese cyber threat group infiltrated Belgium's State Security Service (VSSE) between 2021 and 2023, marking a significant security breach for the agency. The attackers exploited a vulnerability, identified in 2023, in an email security gateway product from Barracuda Networks. This breach also impacted the Belgian Pipeline Organisation, which manages North Sea pipelines.
An internal audit indicated that while classified information on internal servers was safe, external email communications were accessed. Compromised data likely includes communications with the prosecutor’s office, police, and ministerial cabinets, as well as personal details of intelligence staff. Cybersecurity firm Mandiant has linked the group to Chinese state-sponsored cyber-espionage.
Taiwan Condemns China's Naval Drills
From Foreign Policy: Taiwan has condemned China’s recent unannounced live-fire naval drills near its southwestern coast, describing them as dangerous and provocative. The exercises, held about 40 nautical miles off the coast, involved 32 Chinese military aircraft and various warships. Taiwan's defense ministry criticized the absence of prior notification, highlighting the significant threat to international navigation and regional stability.
Podcast: Russia's Espionage Activities in the Arctic and Their Impact on NATO
From the TechStuff podcast: Pulitzer Prize-winning journalist Ben Taub discusses his investigative article, “Russia’s Espionage War in the Arctic,” which explores rising tensions along the Russian-Norwegian border. Taub reveals how Russia uses this area for intelligence operations, utilizing advanced technology for both espionage and survival. The discussion also addresses the wider effects of the Ukraine conflict on NATO relations and regional stability.