
Belarus-Linked Hackers Targeted Foreign Diplomats for a Decade, Reveals ESET Report





Suspected Belarusian Government-Linked Hackers Targeted Foreign Diplomats for Nearly a Decade, Report Reveals


A recent report from cybersecurity firm ESET indicates that hackers believed to have ties to the Belarusian government have been systematically targeting foreign diplomats within the country for nearly a decade. The group, which ESET has named "MoustachedBouncer", is believed to have targeted diplomatic officials by intercepting their internet connections at the ISP level, a capability that suggests a close working relationship with the Belarusian government.


ESET's report highlights that since 2014, the MoustachedBouncer group has focused its efforts on at least four foreign embassies located in Belarus, representing European, South Asian, and African nations. ESET researcher Matthieu Faou explained that the group's main goal seems to be the acquisition of confidential documents, although specific details about their motives remain uncertain.


The technique ESET uncovered tampers with network traffic so that the target's Windows operating system concludes it is connected to a network with a captive portal. The target is then redirected to a malicious site posing as a Windows Update page, which warns that critical security updates must be installed immediately.
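The captive-portal trick described above can be checked for from the defender's side. The following is an added example, not code from ESET's report: it classifies the responses Windows gets to its connectivity probe and flags a portal redirect that lands on a page claiming to be Windows Update. The probe URL and expected body are the documented Windows values; the trusted host suffixes, lure words and sample responses are assumptions constructed for this example.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple
from urllib.parse import urlparse

# Documented Windows connectivity probe: a clean network answers HTTP 200 with this body.
PROBE_URL = "http://www.msftconnecttest.com/connecttest.txt"
EXPECTED_BODY = "Microsoft Connect Test"
# Assumption for this example: hosts that may legitimately answer the probe or ship updates.
TRUSTED_SUFFIXES = ("msftconnecttest.com", "microsoft.com", "windowsupdate.com")
# Assumption: wording a fake update page would use to pressure the victim.
UPDATE_LURE_WORDS = ("windows update", "security update", "critical update")


@dataclass
class ProbeResponse:
    status: int                      # HTTP status of the probe request
    body: str = ""                   # body returned for the probe
    location: Optional[str] = None   # Location header if the probe was redirected
    landing_title: str = ""          # <title> of the page the redirect landed on


def is_trusted_host(url: str) -> bool:
    host = (urlparse(url).hostname or "").lower()
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)


def classify(resp: ProbeResponse) -> str:
    """Return 'ok', 'captive_portal', 'suspicious_portal' or 'anomalous'."""
    if resp.status == 200 and resp.body.strip() == EXPECTED_BODY:
        return "ok"
    if not (300 <= resp.status < 400 and resp.location):
        # Wrong body without a redirect: Windows treats this as a portal too,
        # but there is no landing page to inspect, so just flag it.
        return "anomalous"
    lure = any(w in resp.landing_title.lower() for w in UPDATE_LURE_WORDS)
    if lure and not is_trusted_host(resp.location):
        return "suspicious_portal"   # update prompt served by a portal on a non-Microsoft host
    if lure:
        return "anomalous"           # updates never arrive through the connectivity probe
    return "captive_portal"          # ordinary login portal (hotel, airport, guest Wi-Fi)


# Constructed sample responses, not captured traffic.
SAMPLES = [
    ("clean", ProbeResponse(200, body=EXPECTED_BODY)),
    ("hotel", ProbeResponse(302, location="http://portal.guest-wifi.example/login",
                            landing_title="Guest Wi-Fi Login")),
    ("spoof", ProbeResponse(302, location="http://update-service.example/windows-update",
                            landing_title="Critical security updates must be installed")),
]


def triage(samples) -> List[Tuple[str, str]]:
    return [(name, classify(resp)) for name, resp in samples]


if __name__ == "__main__":
    for name, verdict in triage(SAMPLES):
        print(f"{name}: {verdict}")
```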


Despite MoustachedBouncer's decade-long operation, there's little evidence of their activities between 2014 and 2018. Researchers at ESET stumbled upon their attack in February 2022, following Russia's invasion of Ukraine, during an incident aimed at diplomats in a European embassy directly connected to the ongoing conflict.


While the exact mechanics of how MoustachedBouncer intercepts and alters traffic, an "adversary-in-the-middle" (AitM) technique, remain unclear, ESET's experts suggest that the group's success might be due to collaboration with Belarusian ISPs. Such collaboration could give the hackers access to a lawful-intercept system, similar to Russia's SORM, that is built precisely for this kind of traffic interception.


Notably, Belarus has had a long-standing surveillance system in place, requiring telecom providers to ensure compatibility with the SORM system, as detailed in a 2016 Amnesty International report.


ESET's findings underscore the group's ability to remain under the radar, even while targeting high-profile individuals like diplomats. Although few malware samples were available for analysis, ESET's researchers noted that MoustachedBouncer's careful operations and prolonged success in compromising significant targets demonstrate a meticulous approach to its activities.
