Ghost Writer - ctrlaltdeceit.org

### **Ghostwriter (UNC1151) – Disinformation & Cyberattacks** **Ghostwriter** (aka **UNC1151**) is a cyber group specializing in **disinformation campaigns, phishing, and cyber-espionage**, primarily targeting **Eastern Europe, NATO, and EU governments**. It is widely believed to be **linked to Russia and Belarus**, operating as part of their hybrid warfare strategy. --- ## **🔹 Key Objectives** ✅ **Spread pro-Russian & anti-NATO propaganda** ✅ **Influence elections & public opinion in Europe** ✅ **Hack European government officials & journalists** ✅ **Support Russia’s war in Ukraine with cyber operations** --- ## **🔹 Notable Ghostwriter Disinformation Campaigns** |**Campaign**|**Tactics Used**|**Target**|**Year**| |---|---|---|---| |**Fake NATO Withdrawal Announcements**|Hacked news sites to claim NATO was abandoning Eastern Europe|Poland, Lithuania|2020-2021| |**False Claims of U.S. Troop Involvement**|Spread fake stories of U.S. soldiers committing crimes in Poland & Lithuania|Poland, Germany|2021| |**French Presidential Election Influence**|Leaked fake documents to discredit Emmanuel Macron|France|2022| |**Ukraine War Misinformation**|Hacked social media accounts to spread pro-Russia narratives|Ukraine, EU|2022-Present| 🚨 **Tactics:** Hacking news websites, creating fake social media profiles, deepfakes, phishing attacks on journalists & politicians. --- ## **🔹 Notable Ghostwriter Cyberattacks** |**Attack**|**Description**|**Target**|**Year**| |---|---|---|---| |**Lithuanian Parliament Hack**|Phishing & malware to steal government emails|Lithuania|2021| |**German Politicians’ Email Breach**|Hacked Bundestag officials’ emails|Germany|2021-2022| |**Polish Military & Government Phishing**|Spoofed emails to gain access to military personnel accounts|Poland|2021-2023| |**Ukraine’s Government Websites Defacement**|Defaced sites with pro-Russian messages|Ukraine|2022| 🚨 **Tactics:** Phishing, credential theft, fake government websites, social engineering, and malware attacks. --- ## **🔹 Links to Russia & Belarus** - **Ghostwriter is attributed to UNC1151**, which **has ties to the Belarusian and Russian governments**. - The **European cybersecurity agencies** (CERT-EU, Germany’s BSI) have warned that **UNC1151 works as part of Russia’s FSB/GRU hybrid warfare strategy**. - **Germany accused Russia of hacking its political leaders** using Ghostwriter tactics before the 2021 election. --- ## **🔹 Tools & Techniques Used** 🔹 **Spear-phishing** with fake NATO, EU, and government documents 🔹 **Credential theft** using malicious login pages 🔹 **Website defacements** to spread propaganda 🔹 **Fake social media personas** to manipulate discourse 🔹 **Use of PowerShell, Cobalt Strike, and custom backdoors** for cyber espionage --- ## **🔹 Current Threat Level: HIGH** 🚨 **Ghostwriter continues to be active**, targeting EU elections, NATO expansion efforts, and Russia-Ukraine war narratives.