Hackers Increasingly Using ‘Browser-in-the-Browser’ Technique in Ukraine Related Attacks

A Belarusian threat actor known as Ghostwriter (aka UNC1151) has been spotted leveraging the recently disclosed browser-in-the-browser (BitB) technique as part of its credential phishing campaigns exploiting the ongoing Russo-Ukrainian conflict.

The method, which masquerades as a legitimate domain by simulating a browser window within the browser, makes it possible to mount convincing social engineering campaigns.

“Ghostwriter actors have quickly adopted this new technique, combining it with a previously observed technique, hosting credential phishing landing pages on compromised sites,” Google’s Threat Analysis Group (TAG) said in a new report. The actors use it to siphon credentials entered by unsuspecting victims to a remote server.

Other groups using the war as a lure in phishing and malware campaigns to deceive targets into opening fraudulent emails or links include Mustang Panda and Scarab, as well as nation-state actors from Iran, North Korea, and Russia. Read more: https://bit.ly/36JFrnW
