Dossier
FrostyNeighbor
Coverage of FrostyNeighbor in the Nexus archive.
- 'FrostyNeighbor' APT Carefully Targets Govt Orgs in Poland, Ukraine
The Belarussian nation-state threat group 'FrostyNeighbor' APT is targeting government organizations in Poland and Ukraine through spear-phishing payloads aimed at espionage. The attackers uniquely fingerprint victims before delivering the payloads. This campaign is part of the group's latest efforts.
- Ghostwriter Targets Ukrainian Government With Geofenced PDF Phishing, Cobalt Strike
The Ghostwriter threat group has targeted Ukrainian government organizations with geofenced PDF phishing and Cobalt Strike attacks. Ghostwriter, also known as FrostyNeighbor, PUSHCHA, Storm-0257, TA445, and UAC‑0057, has been active since at least 2016. The group is aligned with Belarus and has been linked to cyber espionage and influence operations.