Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Ghostwriter disinformation campaign aimed at discrediting NATO

Researchers uncovered a disinformation campaign aimed at discrediting NATO via fake news content distributed through compromised news websites. Security experts from FireEye have uncovered a disinformation campaign aimed at discrediting NATO by spreading fake news content on compromised news websites. “The operations have primarily targeted audiences in Lithuania, Latvia, and Poland with anti-North Atlantic Treaty […]

NATO iphone

Researchers uncovered a disinformation campaign aimed at discrediting NATO via fake news content distributed through compromised news websites.

Security experts from FireEye have uncovered a disinformation campaign aimed at discrediting NATO by spreading fake news content on compromised news websites.

“The operations have primarily targeted audiences in Lithuania, Latvia, and Poland with anti-North Atlantic Treaty Organization (NATO) narratives, often leveraging website compromises or spoofed email accounts to disseminate fabricated content, including falsified correspondence from military officials” reads the report published by FireEye.

According to FireEye, the campaign tracked as GhostWriter, has been ongoing since at least March 2017 and is aligned with Russian security interests.

“We have dubbed this campaign ‘Ghostwriter,’ based on its use of inauthentic personas posing as locals, journalists, and analysts within the target countries to post articles and op-eds referencing the fabrications as source material to a core set of third-party websites that publish user-generated content,” continues the report.

Unlike other disinformation campaigns, GhostWriter doesn’t spread through social networks, instead, threat actors behind this campaign abused compromised content management systems (CMS) of news websites or spoofed email accounts to disseminate fake news.

The attackers used to replace existing legitimate articles on the sites with the fake content, instead of creating new posts.

The attackers were spreading fabricated content, including falsified news articles, quotes, correspondence, and other documents designed to appear as coming from military officials and political figures in the target countries.to manipulate content, spreading reports of falsified correspondence from military officials, fake quotes from political figures and more.

According to the experts, the campaign primarily targeted audiences in specific states members of the alliance, including Lithuania, Latvia, and Poland.

Ghostwriter operators focused on spreading fabricated quotes, such as a quote falsely attributed to the commander of the NATO eFP Battle Group that was used to push a narrative that 21 Canadian soldiers stationed in Latvia had been infected with COVID-19.

Another piece of fabricated content was a letter presented as to be authored by NATO Secretary General Jens Stoltenberg, which was written to bolster a narrative suggesting that the Atlantic alliance was planning to withdraw from Lithuania in response to the COVID-19 pandemic

“This falsified content has been referenced as source material in articles and op-eds authored by at least 14 inauthentic personas posing as locals, journalists, and analysts within those countries.” continues the report.

“These articles and op-eds, primarily written in English, have been consistently published to a core set of third-party websites that appear to accept user-submitted content, most notably OpEdNews.com, BalticWord.com, and the pro-Russian site TheDuran.com, among others, as well as to suspected Ghostwriter-affiliated blogs.”

The report published by FireEye included details about tactics, techniques, and procedures used by threat actors behind the Ghostwriter and confirms that it could be part of a larger disinformation campaign orchestrated by a foreign government.

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, disinformation)

[adrotate banner=”5″]

[adrotate banner=”13″]