Researchers say the campaign uses a browser-based JavaScript VM to hide credential theft and intercept MFA at scale.
Ghostwriter’s March 2026 Ukraine attacks use PDF lures and geofencing to deploy Cobalt Strike on government targets.
Some results have been hidden because they may be inaccessible to you
Show inaccessible results