The disinformation campaign
The Ghostwriter attackers have been leveraging compromised websites and spoofed email accounts to distribute fabricated content, including falsified correspondence from military officials.
In one instance, they falsely attributed a quote from a commander of the NATO eFP Battle Group, stating (falsely) that 21 Canadian soldiers stationed in Latvia have been infected with COVID-19 infection.
In another case, they faked a letter pretending to be from NATO Secretary General Jens Stoltenberg, carrying news about Atlantic alliance planning to withdraw from Lithuania in response to the COVID-19 pandemic.
Attack vectors
The attackers abused the compromised content management systems (CMS) of several news agencies and replaced their legitimate articles with fake news, instead of creating new posts.
The falsified content, being posted on public portals, has already been referenced as a source content by at least 14 (probably fake) personas that are pretending to be locals, journalists, and analysts within the targeted countries.
Fake news as a new attack vector
Attackers have been using fake news not just to spread rumors, but as an attacker vector for initiating malicious activities on the victim’s system.
In mid-June 2020, some fraudsters were seen creating fake pages with news about data breach attacks on well-known brands.
Besides fake news, the attackers were also mixing black SEO, Google Sites, and spam pages into the mix to lure their victims to dangerous URLs.
These fake pages were picked up by Google Alerts, af ..
Support the originator by clicking the read the rest link below.
