Platform

Products

Solutions

Resources

Partners

Company

Request a Demo

The Reveal Platform

Overview Integrations Threat Research Labs

WHY GURUCUL BLOGS CONTACT US

Products

Next-Gen SIEM Data Pipeline Management AI SOC Analyst Insider Risk Management UEBA SOAR

WHY GURUCUL BLOGS CONTACT US

Solutions

For Healthcare For MSSPs Threat Detection Investigation & Response Identity Threat Detection & Response Hybrid & Multi-Cloud Monitoring

WHY GURUCUL BLOGS CONTACT US

Resources

Resource Hub Case Studies Webinars Demo Hub Technical Training MITRE ATT&CK

WHY GURUCUL BLOGS CONTACT US

Partners

Partners Become A Partner Find a Partner Technology Alliances Partner Portal Login

WHY GURUCUL BLOGS CONTACT US

Company

About Gurucul Leadership Events Careers News Press Releases

WHY GURUCUL BLOGS CONTACT US

Request a Demo

The Gurucul Platform
Products
Solutions Solutions
Resources
- Resources
- Resource Hub
- Case Studies
- Webinars
- Demo Hub
- Technical Training
- MITRE ATT&CK
Partners
- Partners
- Partners
- Become A Partner
- Find a Partner
- Technology Alliances
- Partner Portal Login
Company
- Company
- About Gurucul
- Leadership
- Events
- Careers
- News
- Press Releases
Why Gurucul
Blogs
Contact Us

home

December 10, 2025

White lynx uses new “captcha macro” social engineering technique

Intel Name: White lynx uses new “captcha macro” social engineering technique

Date of Scan: December 10, 2025

Impact: High

Summary:
We identified a new social-engineering tactic employed by the Belarusian threat actor White Lynx (also known as Ghostwriter, Storm-0257, UNC1151). The method relies on a malicious macro embedded in a Word document designed to evade detection and analysis. Once macros are enabled, the user is presented with a fake CAPTCHA window prompting them to validate a six-character string. This added step introduces a layer of human interaction before the macro will execute. After the CAPTCHA is completed, the document displays decoy content while carrying out malicious activity in the background.

More Details

Platform
Overview
Integrations
Threat Research Labs
Request a Demo

Products
Next-Gen SIEM
UEBA
SOAR
Data Pipeline Management
Identity Analytics
Open XDR

Solutions
Threat Detection Investigation & Response
Insider Threat Management
Identity Threat Detection & Response
Hybrid & Multi-Cloud Monitoring
AI-Enabled SOC Transformation
For MSSPs
For Healthcare

Resources
Resource Hub
Blogs
Case Studies
Webinars
Demo Hub
Technical Training
MITRE ATT&CK
Contact Support

Partners
Partners
Become A Partner
Find a Partner
Technology Alliances
Partner Portal Login

Company
About Gurucul
Leadership
Careers
News
Press Releases
Why Gurucul
Business Continuity
Contact Us

Privacy Policy

Legal