Articles / CyberSecurity

‘Ghostwriter’ Looks Like a Purely Russian Op—Except It’s Not

Belarus government building. Photograph: Ekaterina Loginova/Getty Images

‘Ghostwriter’ Looks Like a Purely Russian Op—Except It’s Not
WIRED, November 16, 2021
Security
By Lily Hay Newman

“Security researchers have found signs that the pervasive hacking and misinformation campaign comes not from Moscow but from Minsk.”

 

For at least four years, the hacking and disinformation group known has Ghostwriter has plagued countries in Eastern Europe and the Baltics. Given its methods—and its anti-NATO and anti-US messages—the widely held assumption has been that Ghostwriter is yet another Kremlin-led campaign. The European Union even declared at the end of September that some member states have “associated” Ghostwriter “with the Russian state.” As it turns out, that’s not quite right. According to the threat intelligence firm Mandiant, Ghostwriter’s hackers work for Belarus.

 

Mandiant first took a close look at Ghostwriter in July 2020. The group was then primarily known for creating and distributing fake news articles and even hacking real news sites to post misleading content. By April 2021, Mandiant attributed broader activity to Ghostwriter, including operations to compromise the social media accounts of government officials to spread misinformation and efforts to target politicians with hacking and leaking operations. The group has long focused on undermining NATO’s role in Eastern Europe, and has increasingly turned to stoking political divides or instability in Poland, Ukraine, Lithuania, Latvia, and Germany.

 

At the Cyberwarcon conference in Washington, DC, on Tuesday, Mandiant analysts Ben Read and Gabby Roncone are presenting evidence of Ghostwriter’s ties to Belarus.

 

“We saw a shift to a lot more focus on Belarus-specific issues—targeting Belarusian dissidents, Belarusians in the media, things that really look like they’re conducted in support of the Belarusian government,” Read said. “And then we also stumbled upon technical details that make us think the operators are located in Minsk and some others that hint at the Belarusian military. That gets us to the point now where we’re confident in saying that Ghostwriter has a link to Belarus.”

Read the Full Article »

About the Author:

Lily Hay Newman is a senior writer at WIRED focused on information security, digital privacy, and hacking. She previously worked as a technology reporter at Slate magazine and was the staff writer for Future Tense, a publication and project of Slate, the New America Foundation, and Arizona State University. Additionally her work has appeared in Gizmodo, Fast Company, IEEE Spectrum, and Popular Mechanics. She lives in New York City.

See Also:

 

Related Posts

Isolated black snake on red backdrop - Photograph: EduardHarkonen/Getty Images

The Underground History of Russia’s Most Ingenious Hacker Group

Book Cover - A Hacker's Mind How the Powerful Bend Society's Rules, and How to Bend them Back

A Hacker’s Mind: How the Powerful Bend Society’s Rules, and How to Bend them Back

Book Cover - The Ransomware Hunting Team A Band of Misfits' Improbable Crusade to Save the World from Cybercrime

The Ransomware Hunting Team: A Band of Misfits’ Improbable Crusade to Save the World from Cybercrime

a ball peeking out from the corner - Photograph: Serg Myshkovsky/Getty Images

Open Source Intelligence May Be Changing Old-School War

How Bellingcat is using TikTok to investigate the war in Ukraine

Skyscrapers in the Moscow-City business center in Moscow on April 29. (Maxim Shemetov/Reuters)

Hacking Russia was off-limits. The Ukraine war made it a free-for-all