
A Belarusian threat actor known as Ghostwriter (aka UNC1151) has been spotted leveraging the recently disclosed browser-in-the-browser (BitB) technique as part of its credential phishing campaigns exploiting the ongoing Russo-Ukrainian conflict.
The method, which masquerades as a legitimate domain by simulating a browser window within the browser, makes it possible to mount convincing social engineering campaigns.
“Ghostwriter actors have quickly adopted this new technique, combining it with a previously observed technique, hosting credential phishing landing pages on compromised sites,” Google’s Threat Analysis Group (TAG) said in a new report. The actors use it to siphon credentials entered by unsuspecting victims to a remote server.
Other groups using the war as a lure in phishing and malware campaigns to deceive targets into opening fraudulent emails or links include Mustang Panda and Scarab, as well as nation-state actors from Iran, North Korea, and Russia. Read more: https://bit.ly/36JFrnW