
Belarus-Linked Hackers Targeted Foreign Diplomats for a Decade, Reveals ESET Report







A recent report from cybersecurity firm ESET indicates that hackers believed to be aligned with the Belarusian government have been targeting foreign diplomats inside the country for nearly a decade. ESET tracks the group as "MoustachedBouncer". Its attacks depend on intercepting the victims' internet connections at the ISP level, a capability that points to cooperation with, or sponsorship by, the Belarusian state.


ESET's report highlights that since 2014, the MoustachedBouncer group has focused its efforts on at least four foreign embassies located in Belarus, representing European, South Asian, and African nations. ESET researcher Matthieu Faou explained that the group's main goal seems to be the acquisition of confidential documents, although specific details about their motives remain uncertain.


The technique ESET documented tampers with network traffic to make the target's Windows machine believe it is on a network with a captive portal. Windows decides whether it has internet access by fetching a known probe URL over plain HTTP and checking for a fixed expected response; because that probe is unencrypted, an interceptor at the ISP can answer it with a redirect, and Windows then treats the returned page as the captive portal and opens it in a browser. That page impersonates Windows Update and warns the victim that critical security updates must be installed immediately; the "update" it offers is the attacker's payload.
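The following is an added example, not code from ESET's report or from the group's tooling. It models the plaintext connectivity probe the attack abuses, a simulated ISP-level adversary-in-the-middle that forges the probe's answer, and a checker an analyst can run over captured probe responses. The probe host, path and expected body are the real ones Windows uses; the lure URL, the attacker's response and the capture format are constructed for the example.

```python
"""
Added example (not from ESET's report or the article): a model of the Windows
connectivity probe that the described attack abuses, a simulated ISP-level
adversary-in-the-middle that forges the probe's answer, and a checker an
analyst can run over captured probe responses to spot that forgery.

Known facts used: Windows decides whether it has internet access by fetching
http://www.msftconnecttest.com/connecttest.txt over plain HTTP and checking
for the body "Microsoft Connect Test". Any other answer makes it assume a
captive portal and open the returned page in a browser. The lure URL, the
attacker's response and the capture format are constructed for this example.
"""
from dataclasses import dataclass, field

PROBE_HOST = "www.msftconnecttest.com"
PROBE_PATH = "/connecttest.txt"
PROBE_BODY = b"Microsoft Connect Test"


@dataclass
class HttpExchange:
    """One plaintext HTTP request/response pair as seen on the wire."""
    host: str
    path: str
    status: int
    headers: dict = field(default_factory=dict)
    body: bytes = b""


def genuine_upstream(host: str, path: str) -> HttpExchange:
    """What the real probe endpoint answers (constructed stand-in; no network)."""
    if host == PROBE_HOST and path == PROBE_PATH:
        return HttpExchange(host, path, 200, {"Content-Type": "text/plain"}, PROBE_BODY)
    return HttpExchange(host, path, 404)


def isp_aitm(host: str, path: str, lure_url: str) -> HttpExchange:
    """
    Simulated adversary-in-the-middle at the ISP. Because the probe is plain
    HTTP, the interceptor can answer it before the real server does and pick
    the page the client will open. Every other request is passed through.
    """
    if host == PROBE_HOST and path == PROBE_PATH:
        return HttpExchange(host, path, 302, {"Location": lure_url})
    return genuine_upstream(host, path)


def windows_ncsi_decision(resp: HttpExchange) -> str:
    """
    Model of the client's decision: the exact expected body means 'internet';
    anything else is treated as a captive portal, and a redirect tells the OS
    which page to open. The real implementation has more states; this is the
    part the attack relies on.
    """
    if resp.status == 200 and resp.body == PROBE_BODY:
        return "internet"
    if resp.status in (301, 302, 303, 307, 308) and "Location" in resp.headers:
        return "captive_portal:open " + resp.headers["Location"]
    return "captive_portal:open http://" + resp.host + resp.path


def find_forged_probes(exchanges: list[HttpExchange]) -> list[str]:
    """
    Analyst-side check over captured traffic: on a network that has no real
    captive portal, any probe answer other than the canonical 200 + body is
    suspicious. Returns one finding string per suspicious exchange.
    """
    findings = []
    for ex in exchanges:
        if ex.host != PROBE_HOST or ex.path != PROBE_PATH:
            continue
        if ex.status == 200 and ex.body == PROBE_BODY:
            continue
        where = ex.headers.get("Location", "<inline body>")
        findings.append(f"probe answered with HTTP {ex.status}, sends client to {where}")
    return findings


if __name__ == "__main__":
    lure = "http://updates.example.invalid/critical-update"  # constructed lure URL
    clean = genuine_upstream(PROBE_HOST, PROBE_PATH)
    forged = isp_aitm(PROBE_HOST, PROBE_PATH, lure)
    print("clean network   :", windows_ncsi_decision(clean))
    print("attacked network:", windows_ncsi_decision(forged))
    for finding in find_forged_probes([clean, forged]):
        print("finding:", finding)
```

Two things the model makes visible. The forgery works only because the probe is plaintext HTTP, so an interceptor needs no certificate and no malware on the endpoint to choose the page the victim sees. On the defensive side, a probe answer that is not the canonical body on a corporate or embassy network with no captive portal is worth an alert on its own, and a browser page calling itself Windows Update is a red flag regardless of how it appeared, because Windows Update is delivered by the built-in client and never through a web page.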


Although MoustachedBouncer has been active for nearly a decade, there is little evidence of its activity between 2014 and 2018. ESET first observed the group in February 2022, shortly after Russia's invasion of Ukraine, during an attack on diplomats at a European embassy closely involved in the conflict.


The exact mechanism by which MoustachedBouncer intercepts and alters traffic, an "adversary-in-the-middle" (AitM) technique, remains unclear. ESET's researchers suggest that the group relies on cooperation from Belarusian ISPs, which would give it access to lawful-intercept infrastructure of the kind Russia's SORM system provides.


Belarus has long operated such a surveillance system: as a 2016 Amnesty International report detailed, telecom providers in the country are required to make their networks compatible with SORM.


ESET's findings underscore the group's ability to stay under the radar while targeting high-profile individuals such as diplomats. Although few malware samples were available for analysis, ESET's researchers noted that MoustachedBouncer's careful operational security and its prolonged success against significant targets reflect a meticulous approach.
