securityonline.info 7/1/2026, 10:32:45 AM · external

UNC1151 Phishing Campaign Targets Belarus and Ukraine

UNC1151 Ghostwriter phishing campaign targets Belarus, Ukraine and Polish elites
Primary source: censys.com
Threat actor: 🇧🇾 Ghostwriter

The UNC1151 phishing campaign, directed by the Ghostwriter threat actor, targets Belarusian politicians and Ukrainian web portals through spear-phishing. Fake Gmail alerts lead victims to a compromised Ukrainian site that hosts a clone of a Google login page. The clone captures user credentials in real time, bypassing multi-factor authentication.

Security researchers have traced the campaign's infrastructure back to legitimate content delivery networks, revealing a broad scale of operations affecting thousands of accounts. To protect against such threats, users are advised to verify email sources and check URLs before entering passwords, and organizations should implement hardware security keys.


Article by CyberSIXT
