Ghostwriter Hackers Use Real-Time WebSocket Relay to Bypass SMS and OTP MFA

Jun 29, 2026 10:16 AM

Tags: authentication, credentials, cyber, hacker, infrastructure, mfa, phishing, ukraine

UNC1151 tracked by many as Ghostwriter or FrostyNeighbor has advanced a credential-phishing technique that uses a real-time WebSocket relay to defeat SMS and OTP-based multi-factor authentication (MFA). The method was observed in a recent campaign that targeted Belarusian politician Yury Hubarevich and multiple Ukrainian portals, and Censys pivots show the infrastructure spans dozens of domains […] The post Ghostwriter Hackers Use Real-Time WebSocket Relay to Bypass SMS and OTP MFA appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

First seen on gbhackers.com

Jump to article: gbhackers.com/websocket-relay-to-bypass-sms/

also interesting:

Cybersecurity Snapshot: Study Raises Open Source Security Red Flags, as Cyber Agencies Offer Prevention Tips Against Telecom Spying Attacks
Cybersecurity Snapshot: CISA’s Best Cyber Advice on Securing Cloud, OT, Apps and More
Russian APT28 compromised Western logistics and IT firms to track aid to Ukraine
Cybersecurity Snapshot: AI Data Security Best Practices Released, While New Framework Seeks To Help IT Pros Gain Cyber Skills

Collecting Cyber-News from over 60 sources

X
LinkedIn
RSS Feed
Mail

Here I provide a database that gathers and curates the latest news on Cybersecurity. Being well-informed is the key to successfully respond on security threats.

Imprint | Privacy Policy | Contact