Cyber Analysts Track Ghostwriter APT Using Infrastructure Pivoting
Cyber threat intelligence (CTI) analysts use infrastructure pivoting to track the Ghostwriter APT. Infrastructure pivoting is a crucial skill for CTI analysts, enabling them to uncover additional targets and insights about adversaries like the Belarusian state-sponsored group Ghostwriter. Recent reports from Fortinet and Cyble highlighted malicious XLS documents targeting the Ukrainian military, and comparing them led to the identification of overlapping indicators of compromise (IOCs) across multiple threat reports. By analyzing shared domains and registration patterns, analysts can discover unreported domains and related malware samples, enhancing their understanding of adversary capabilities. This method underscores the importance of scrutinizing IOCs to reveal the behaviors and targets of state-sponsored groups, as demonstrated by the U.S. Treasury’s sanctions against members of the Callisto APT group.

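The pivot described above (overlapping IOCs across reports, then shared registration patterns) can be sketched as follows. This is an added example, not code from the article or from the cited reports. The report names, domains, registrars, name servers and dates are constructed placeholders on reserved TLDs, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample data: two hypothetical vendor reports and a registration
# dataset (for example, exported WHOIS records). None of these are real IOCs.
REPORTS = {
    "report_a": {"docs-sync.example", "mail-update.example", "cdn-files.example"},
    "report_b": {"mail-update.example", "cdn-files.example", "portal-auth.example"},
}
# domain -> (registrar, name server, creation date)
REGISTRATIONS = {
    "docs-sync.example":    ("RegistrarX", "ns1.dns-host.test", "2024-03-02"),
    "mail-update.example":  ("RegistrarX", "ns1.dns-host.test", "2024-03-02"),
    "cdn-files.example":    ("RegistrarX", "ns1.dns-host.test", "2024-03-05"),
    "portal-auth.example":  ("RegistrarY", "ns4.other-dns.test", "2023-11-20"),
    "sheet-viewer.example": ("RegistrarX", "ns1.dns-host.test", "2024-03-02"),
    "weather-blog.example": ("RegistrarZ", "ns2.parked.test", "2019-06-11"),
    "shop-news.example":    ("RegistrarX", "ns9.bulk-dns.test", "2024-03-02"),
}

def shared_iocs(reports):
    """Return domains named by two or more reports, with the reports naming them."""
    seen = defaultdict(set)
    for name, domains in reports.items():
        for domain in domains:
            seen[domain].add(name)
    return {d: sorted(r) for d, r in seen.items() if len(r) >= 2}

def pivot(reports, registrations, min_matches=3):
    """Return unreported domains that share at least `min_matches` registration
    attributes with a reported domain, mapped to the reported domains they match."""
    reported = set().union(*reports.values())
    candidates = {}
    for domain, record in registrations.items():
        if domain in reported:
            continue  # already published; we want what the reports missed
        matches = sorted(
            seed for seed in reported
            if seed in registrations
            and sum(a == b for a, b in zip(record, registrations[seed])) >= min_matches
        )
        if matches:
            candidates[domain] = matches
    return candidates

if __name__ == "__main__":
    print("overlap:", shared_iocs(REPORTS))
    print("strict pivot:", pivot(REPORTS, REGISTRATIONS))
    print("loose pivot:", pivot(REPORTS, REGISTRATIONS, min_matches=2))
```

Lowering `min_matches` to 2 also surfaces `shop-news.example`, which shares only a registrar and a creation date with the reported set; loose matches like that need corroboration before they are treated as related infrastructure.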