The UNC1151 Gmail phishing campaign has emerged as a cyber threat targeting Polish internet users, with attackers now focusing on Gmail accounts and deploying phishing pages capable of stealing both passwords and two-factor authentication (2FA) credentials. According to researchers at CERT Polska, the campaign marks a notable evolution in the tactics of the Ghostwriter-linked threat group, which has spent years targeting email users across Poland.

Also tracked as Ghostwriter and Storm-0257, UNC1151 has been linked by cybersecurity researchers to Belarusian state intelligence services and has remained active against Polish targets since Russia's full-scale invasion of Ukraine.
UNC1151 Gmail ...