{"id":28517,"date":"2025-11-10T08:14:22","date_gmt":"2025-11-10T07:14:22","guid":{"rendered":"https:\/\/www.advens.com\/media\/security-operations\/renseignement-sur-les-menaces-bulletin-cert-octobre-2025\/"},"modified":"2025-11-10T08:50:46","modified_gmt":"2025-11-10T07:50:46","slug":"threat-intelligence-apt-ghostwriter-cyber","status":"publish","type":"post","link":"https:\/\/www.advens.com\/en\/media\/bulletins-cert-en\/threat-intelligence-apt-ghostwriter-cyber\/","title":{"rendered":"Threat Intelligence \u2013 CERT Bulletin October 2025"},"content":{"rendered":"\n<p>The October bulletin reviews three major vulnerabilities:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Redis \u2013 CVE-2025-49844<\/li>\n\n\n\n<li>Veeam Backup &amp; Replication \u2013 CVE-2025-48983<\/li>\n\n\n\n<li>Apache Tomcat \u2013 CVE-2025-55754<\/li>\n<\/ul>\n\n\n\n<p><\/p>\n\n\n\n<p>This bulletin also includes an article with a detailed analysis of the APT group Ghostwriter. It provides the geopolitical and cyber context of Belarus and explains the group\u2019s operations using the Diamond Model. A focus on PicassoLoader, a malware that hides payloads in image files, is also featured.<\/p>\n\n\n\n<p><br>The bulletin is freely accessible to the entire community.<\/p>\n\n\n\n<div data-wp-interactive=\"core\/file\" class=\"wp-block-file\"><object data-wp-bind--hidden=\"!state.hasPdfPreview\" hidden class=\"wp-block-file__embed\" data=\"https:\/\/www.advens.com\/app\/uploads\/2025\/11\/CERT-aDvens-October-2025-CTI-Report.pdf\" type=\"application\/pdf\" style=\"width:100%;height:600px\" aria-label=\"Embed of CERT-aDvens-October-2025-CTI-Report.\"><\/object><a id=\"wp-block-file--media-cebb3d2b-b930-4ff7-8aba-c64d36336b4c\" href=\"https:\/\/www.advens.com\/app\/uploads\/2025\/11\/CERT-aDvens-October-2025-CTI-Report.pdf\">CERT-aDvens-October-2025-CTI-Report<\/a><a href=\"https:\/\/www.advens.com\/app\/uploads\/2025\/11\/CERT-aDvens-October-2025-CTI-Report.pdf\" class=\"wp-block-file__button wp-element-button\" download aria-describedby=\"wp-block-file--media-cebb3d2b-b930-4ff7-8aba-c64d36336b4c\">Download<\/a><\/div>\n","protected":false},"excerpt":{"rendered":"<p>This report includes a detailed analysis of the APT group Ghostwriter.<\/p>\n","protected":false},"author":3,"featured_media":28524,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"content-type":"","footnotes":""},"categories":[554],"tags":[],"custom_format":[474],"class_list":["post-28517","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-bulletins-cert-en"],"acf":[],"contentshake_article_id":"","yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.6 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Threat Intelligence \u2013 CERT Bulletin October 2025 - Advens<\/title>\n<meta name=\"description\" content=\"This report includes a detailed analysis of the APT group Ghostwriter.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.advens.com\/media\/bulletins-cert-en\/threat-intelligence-apt-ghostwriter-cyber\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Threat Intelligence \u2013 CERT Bulletin October 2025 - Advens\" \/>\n<meta property=\"og:description\" content=\"This report includes a detailed analysis of the APT group Ghostwriter.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.advens.com\/media\/bulletins-cert-en\/threat-intelligence-apt-ghostwriter-cyber\/\" \/>\n<meta property=\"og:site_name\" content=\"Advens\" \/>\n<meta property=\"article:published_time\" content=\"2025-11-10T07:14:22+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-11-10T07:50:46+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.advens.com\/app\/uploads\/2025\/11\/CERT-bulletinGhost.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1500\" \/>\n\t<meta property=\"og:image:height\" content=\"823\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Benjamin Leroux\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.advens.com\/media\/bulletins-cert-en\/threat-intelligence-apt-ghostwriter-cyber\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.advens.com\/media\/bulletins-cert-en\/threat-intelligence-apt-ghostwriter-cyber\/\"},\"author\":{\"name\":\"Benjamin Leroux\",\"@id\":\"https:\/\/www.advens.com\/#\/schema\/person\/0a0cf6bfbcf86fdef2602cefe9b941c7\"},\"headline\":\"Threat Intelligence \u2013 CERT Bulletin October 2025\",\"datePublished\":\"2025-11-10T07:14:22+00:00\",\"dateModified\":\"2025-11-10T07:50:46+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.advens.com\/media\/bulletins-cert-en\/threat-intelligence-apt-ghostwriter-cyber\/\"},\"wordCount\":86,\"publisher\":{\"@id\":\"https:\/\/www.advens.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.advens.com\/media\/bulletins-cert-en\/threat-intelligence-apt-ghostwriter-cyber\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.advens.com\/app\/uploads\/2025\/11\/CERT-bulletinGhost.png\",\"articleSection\":[\"CERT Alert\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.advens.com\/media\/bulletins-cert-en\/threat-intelligence-apt-ghostwriter-cyber\/\",\"url\":\"https:\/\/www.advens.com\/media\/bulletins-cert-en\/threat-intelligence-apt-ghostwriter-cyber\/\",\"name\":\"Threat Intelligence \u2013 CERT Bulletin October 2025 - Advens\",\"isPartOf\":{\"@id\":\"https:\/\/www.advens.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.advens.com\/media\/bulletins-cert-en\/threat-intelligence-apt-ghostwriter-cyber\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.advens.com\/media\/bulletins-cert-en\/threat-intelligence-apt-ghostwriter-cyber\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.advens.com\/app\/uploads\/2025\/11\/CERT-bulletinGhost.png\",\"datePublished\":\"2025-11-10T07:14:22+00:00\",\"dateModified\":\"2025-11-10T07:50:46+00:00\",\"description\":\"This report includes a detailed analysis of the APT group Ghostwriter.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.advens.com\/media\/bulletins-cert-en\/threat-intelligence-apt-ghostwriter-cyber\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.advens.com\/media\/bulletins-cert-en\/threat-intelligence-apt-ghostwriter-cyber\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.advens.com\/media\/bulletins-cert-en\/threat-intelligence-apt-ghostwriter-cyber\/#primaryimage\",\"url\":\"https:\/\/www.advens.com\/app\/uploads\/2025\/11\/CERT-bulletinGhost.png\",\"contentUrl\":\"https:\/\/www.advens.com\/app\/uploads\/2025\/11\/CERT-bulletinGhost.png\",\"width\":1500,\"height\":823},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.advens.com\/media\/bulletins-cert-en\/threat-intelligence-apt-ghostwriter-cyber\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.advens.com\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"CERT Alert\",\"item\":\"https:\/\/www.advens.com\/en\/media\/bulletins-cert-en\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Threat Intelligence \u2013 CERT Bulletin October 2025\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.advens.com\/#website\",\"url\":\"https:\/\/www.advens.com\/\",\"name\":\"Advens\",\"description\":\"For Cyber, People &amp; Planet\",\"publisher\":{\"@id\":\"https:\/\/www.advens.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.advens.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.advens.com\/#organization\",\"name\":\"Advens\",\"url\":\"https:\/\/www.advens.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.advens.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.advens.com\/app\/uploads\/2025\/07\/Logotype-aDvens-Cybersecurity.png\",\"contentUrl\":\"https:\/\/www.advens.com\/app\/uploads\/2025\/07\/Logotype-aDvens-Cybersecurity.png\",\"width\":1501,\"height\":1501,\"caption\":\"Advens\"},\"image\":{\"@id\":\"https:\/\/www.advens.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.linkedin.com\/company\/advens\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.advens.com\/#\/schema\/person\/0a0cf6bfbcf86fdef2602cefe9b941c7\",\"name\":\"Benjamin Leroux\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.advens.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/6130a303ba5e9000db1d968b9c41bf9e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/6130a303ba5e9000db1d968b9c41bf9e?s=96&d=mm&r=g\",\"caption\":\"Benjamin Leroux\"},\"sameAs\":[\"https:\/\/www.linkedin.com\/in\/benjamin-leroux-1688a4\/\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Threat Intelligence \u2013 CERT Bulletin October 2025 - Advens","description":"This report includes a detailed analysis of the APT group Ghostwriter.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.advens.com\/media\/bulletins-cert-en\/threat-intelligence-apt-ghostwriter-cyber\/","og_locale":"en_US","og_type":"article","og_title":"Threat Intelligence \u2013 CERT Bulletin October 2025 - Advens","og_description":"This report includes a detailed analysis of the APT group Ghostwriter.","og_url":"https:\/\/www.advens.com\/media\/bulletins-cert-en\/threat-intelligence-apt-ghostwriter-cyber\/","og_site_name":"Advens","article_published_time":"2025-11-10T07:14:22+00:00","article_modified_time":"2025-11-10T07:50:46+00:00","og_image":[{"width":1500,"height":823,"url":"https:\/\/www.advens.com\/app\/uploads\/2025\/11\/CERT-bulletinGhost.png","type":"image\/png"}],"author":"Benjamin Leroux","twitter_card":"summary_large_image","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.advens.com\/media\/bulletins-cert-en\/threat-intelligence-apt-ghostwriter-cyber\/#article","isPartOf":{"@id":"https:\/\/www.advens.com\/media\/bulletins-cert-en\/threat-intelligence-apt-ghostwriter-cyber\/"},"author":{"name":"Benjamin Leroux","@id":"https:\/\/www.advens.com\/#\/schema\/person\/0a0cf6bfbcf86fdef2602cefe9b941c7"},"headline":"Threat Intelligence \u2013 CERT Bulletin October 2025","datePublished":"2025-11-10T07:14:22+00:00","dateModified":"2025-11-10T07:50:46+00:00","mainEntityOfPage":{"@id":"https:\/\/www.advens.com\/media\/bulletins-cert-en\/threat-intelligence-apt-ghostwriter-cyber\/"},"wordCount":86,"publisher":{"@id":"https:\/\/www.advens.com\/#organization"},"image":{"@id":"https:\/\/www.advens.com\/media\/bulletins-cert-en\/threat-intelligence-apt-ghostwriter-cyber\/#primaryimage"},"thumbnailUrl":"https:\/\/www.advens.com\/app\/uploads\/2025\/11\/CERT-bulletinGhost.png","articleSection":["CERT Alert"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.advens.com\/media\/bulletins-cert-en\/threat-intelligence-apt-ghostwriter-cyber\/","url":"https:\/\/www.advens.com\/media\/bulletins-cert-en\/threat-intelligence-apt-ghostwriter-cyber\/","name":"Threat Intelligence \u2013 CERT Bulletin October 2025 - Advens","isPartOf":{"@id":"https:\/\/www.advens.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.advens.com\/media\/bulletins-cert-en\/threat-intelligence-apt-ghostwriter-cyber\/#primaryimage"},"image":{"@id":"https:\/\/www.advens.com\/media\/bulletins-cert-en\/threat-intelligence-apt-ghostwriter-cyber\/#primaryimage"},"thumbnailUrl":"https:\/\/www.advens.com\/app\/uploads\/2025\/11\/CERT-bulletinGhost.png","datePublished":"2025-11-10T07:14:22+00:00","dateModified":"2025-11-10T07:50:46+00:00","description":"This report includes a detailed analysis of the APT group Ghostwriter.","breadcrumb":{"@id":"https:\/\/www.advens.com\/media\/bulletins-cert-en\/threat-intelligence-apt-ghostwriter-cyber\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.advens.com\/media\/bulletins-cert-en\/threat-intelligence-apt-ghostwriter-cyber\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.advens.com\/media\/bulletins-cert-en\/threat-intelligence-apt-ghostwriter-cyber\/#primaryimage","url":"https:\/\/www.advens.com\/app\/uploads\/2025\/11\/CERT-bulletinGhost.png","contentUrl":"https:\/\/www.advens.com\/app\/uploads\/2025\/11\/CERT-bulletinGhost.png","width":1500,"height":823},{"@type":"BreadcrumbList","@id":"https:\/\/www.advens.com\/media\/bulletins-cert-en\/threat-intelligence-apt-ghostwriter-cyber\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.advens.com\/en\/"},{"@type":"ListItem","position":2,"name":"CERT Alert","item":"https:\/\/www.advens.com\/en\/media\/bulletins-cert-en\/"},{"@type":"ListItem","position":3,"name":"Threat Intelligence \u2013 CERT Bulletin October 2025"}]},{"@type":"WebSite","@id":"https:\/\/www.advens.com\/#website","url":"https:\/\/www.advens.com\/","name":"Advens","description":"For Cyber, People &amp; Planet","publisher":{"@id":"https:\/\/www.advens.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.advens.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.advens.com\/#organization","name":"Advens","url":"https:\/\/www.advens.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.advens.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.advens.com\/app\/uploads\/2025\/07\/Logotype-aDvens-Cybersecurity.png","contentUrl":"https:\/\/www.advens.com\/app\/uploads\/2025\/07\/Logotype-aDvens-Cybersecurity.png","width":1501,"height":1501,"caption":"Advens"},"image":{"@id":"https:\/\/www.advens.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.linkedin.com\/company\/advens\/"]},{"@type":"Person","@id":"https:\/\/www.advens.com\/#\/schema\/person\/0a0cf6bfbcf86fdef2602cefe9b941c7","name":"Benjamin Leroux","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.advens.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/6130a303ba5e9000db1d968b9c41bf9e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/6130a303ba5e9000db1d968b9c41bf9e?s=96&d=mm&r=g","caption":"Benjamin Leroux"},"sameAs":["https:\/\/www.linkedin.com\/in\/benjamin-leroux-1688a4\/"]}]}},"featured_url":"https:\/\/www.advens.com\/app\/uploads\/2025\/11\/CERT-bulletinGhost.png","_links":{"self":[{"href":"https:\/\/www.advens.com\/en\/wp-json\/wp\/v2\/posts\/28517","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.advens.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.advens.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.advens.com\/en\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.advens.com\/en\/wp-json\/wp\/v2\/comments?post=28517"}],"version-history":[{"count":2,"href":"https:\/\/www.advens.com\/en\/wp-json\/wp\/v2\/posts\/28517\/revisions"}],"predecessor-version":[{"id":31855,"href":"https:\/\/www.advens.com\/en\/wp-json\/wp\/v2\/posts\/28517\/revisions\/31855"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.advens.com\/en\/wp-json\/wp\/v2\/media\/28524"}],"wp:attachment":[{"href":"https:\/\/www.advens.com\/en\/wp-json\/wp\/v2\/media?parent=28517"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.advens.com\/en\/wp-json\/wp\/v2\/categories?post=28517"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.advens.com\/en\/wp-json\/wp\/v2\/tags?post=28517"},{"taxonomy":"format","embeddable":true,"href":"https:\/\/www.advens.com\/en\/wp-json\/wp\/v2\/custom_format?post=28517"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}