The latest Ghostwriter campaign leveraging Prometheus-themed phishing reveals far more than a routine malware drop—it underscores Russia's calculated persistence in blending cyber espionage with influence operations to erode Ukrainian sovereignty even as conventional fronts evolve. While CERT-UA details the OYSTERFRESH JavaScript chain leading to Cobalt Strike beacons and registry-persisted payloads, the coverage underplays how this Belarus-aligned actor (UAC-0057) synchronizes with broader Kremlin-directed efforts documented by Ukraine's National Security and Defense Council, including AI-assisted target selection via tools like ChatGPT for runtime command generation. This marks an escalation from earlier Ghostwriter activity observed in 2021-2022, where similar social-engineering vectors supported election interference; today, amid active conflict, the focus has shifted to long-term access for intelligence hoarding and follow-on disruption. What mainstream reports miss is the direct linkage to supply-chain and RDP compromise patterns highlighted in the Council's 2025 assessment, patterns that enable not just data theft but precise tracking of Ukrainian officials' locations to inform kinetic targeting. Cross-referencing with ESET and Mandiant analyses of UNC1151 infrastructure shows overlapping C2 domains and Cobalt Strike usage consistent with Russian military intelligence playbooks, suggesting Ghostwriter functions as a deniable forward element rather than an independent Belarusian proxy. The Matryoshka-linked Bluesky hijackings further illustrate the convergence of cyber and information warfare, where compromised journalist accounts amplify narratives that soften international support for Kyiv. These operations exploit Ukraine's stretched defenses, prioritizing stealthy persistence over flashy wiper malware to sustain pressure without triggering full NATO escalation thresholds.