MOONSCAPE
Objectives
Aliases
SUMMARY
CTU researchers assess with high confidence that MOONSCAPE obtains unauthorized access to account credentials to support espionage and intelligence operations.
Operating since at least 2020, the group conducts persistent spearphishing campaigns against Ukrainian, Latvian, German, Polish and Lithuanian speaking targets. These campaigns exploit email validation or verification themes, and have been observed spoofing popular webmail providers, national information services, social media platforms and military entities.
MOONSCAPE has been publicly linked to the Ghostwriter influence campaign. Ghostwriter involves propagating narratives, critical of NATO presence in Eastern Europe, designed to influence public opinion in Lithuania, Latvia and Poland. CTU researchers assess with moderate confidence that MOONSCAPE is Belarusian or Russian in origin.
Contactez-nous
Que votre organisation ait besoin d’une assistance immédiate ou que vous souhaitiez discuter de vos besoins en matière de préparation aux incidents, de réponse et de test, contactez-nous directement ci-dessous.