Hackers Increasingly Using 'Browser-in-the-Browser' Technique in Ukraine-Related Attacks
Mar 31, 2022
A Belarusian threat actor known as Ghostwriter (aka UNC1151) has been spotted leveraging the recently disclosed browser-in-the-browser (BitB) technique as part of its credential phishing campaigns exploiting the ongoing Russo-Ukrainian conflict. The method, which masquerades as a legitimate domain by simulating a browser window within the browser, makes it possible to mount convincing social engineering campaigns. "Ghostwriter actors have quickly adopted this new technique, combining it with a previously observed technique, hosting credential phishing landing pages on compromised sites," Google's Threat Analysis Group (TAG) said in a new report. The group uses the technique to siphon credentials entered by unsuspecting victims to a remote server. Other groups using the war as a lure in phishing and malware campaigns to deceive targets into opening fraudulent emails or links include Mustang Panda and Scarab, as well as nation-state actors from Iran, North Korea, and Russia.