Poland has warned that a Belarus-linked hacking group is expanding its cyberattacks to target personal Gmail accounts belonging to senior public figures and their family members.
Poland’s national cybersecurity agency CERT Polska says that the group known as GhostWriter has increasingly focused on Gmail users since March of this year. Previously, the hackers mainly targeted work accounts and email services provided by Polish companies.
The campaign has affected government officials, journalists, researchers, law enforcement personnel, and public administration employees, as well as their relatives and social contacts.
Researchers said GhostWriter uses phishing emails to steal login credentials and two-factor authentication codes. Once attackers gain access to an account, they search for sensitive documents, contact lists, and other online accounts that can be exploited.
CERT Polska described GhostWriter as one of the most active state-sponsored cyber threat groups operating against Poland. The group has been linked to Belarusian intelligence services and has targeted Polish organizations since the start of Russia's full-scale invasion of Ukraine.
In addition to hacking activities, GhostWriter has been accused of running disinformation campaigns aimed at damaging Poland's relations with Ukraine, the United States, and NATO.
More details related to this campaign are available in the agency’s technical write-up.