Ghostwriter APT Group Resumes Attacks on Ukrainian Government

ESET researchers identified renewed activity by the Ghostwriter (also known as FrostyNeighbor) advanced persistent threat (APT) group targeting Ukrainian government organizations in a campaign active since at least March 2026. The attacks mirror tactics observed in previous operations attributed to the same group. No specific technical details, malware strains, or CVE identifiers were disclosed in the report. The focus of the campaign remains on Ukrainian governmental entities, aligning with the group’s historical targeting patterns. The activity was documented in a new ESET report but did not outline concrete impacts beyond the targeting itself.