'Ghostwriter' Uses ‘NATO’ Related Fake News as an Attack Vector

A new fake news campaign, dubbed 'Ghostwriter', has been observed spreading North Atlantic Treaty Organization (NATO)-related fake narratives to target people in Lithuania, Latvia, and Poland.

The disinformation campaign

The Ghostwriter attackers have been leveraging compromised websites and spoofed email accounts to distribute fabricated content, including falsified correspondence from military officials.
  • In one instance, they falsely attributed a quote from a commander of the NATO eFP Battle Group, stating (falsely) that 21 Canadian soldiers stationed in Latvia have been infected with COVID-19 infection.
  • In another case, they faked a letter pretending to be from NATO Secretary General Jens Stoltenberg, carrying news about Atlantic alliance planning to withdraw from Lithuania in response to the COVID-19 pandemic.

Attack vectors

The attackers abused the compromised content management systems (CMS) of several news agencies and replaced their legitimate articles with fake news, instead of creating new posts.
  • The falsified content, being posted on public portals, has already been referenced as a source content by at least 14 (probably fake) personas that are pretending to be locals, journalists, and analysts within the targeted countries.

Fake news as a new attack vector

Attackers have been using fake news not just to spread rumors, but as an attacker vector for initiating malicious activities on the victim’s system.
  • In mid-June 2020, some fraudsters were seen creating fake pages with news about data breach attacks on well-known brands.
  • Besides fake news, the attackers were also mixing black SEO, Google Sites, and spam pages into the mix to lure their victims to dangerous URLs.
  • These fake pages were picked up by Google Alerts, after which notifications for these fake news popped up on both Google Chrome and Mozilla Firefox.

The real challenge

The identification of fake news has been a real challenge for not only enterprises but also for various government agencies. And there is no switch to turn off these fake news, neither is there any specific magic wand that could prevent attackers from using them moving forward. The best way forward is to have appropriate legal regulations to curb “fake news,” while at the same time, readers must remain vigilant to identify and tackle fake news.