Belarus-Linked Hackers Targeted Foreign Diplomats for a Decade, Reveals ESET Report





Suspected Belarusian Government-Linked Hackers Targeted Foreign Diplomats for Nearly a Decade, Report Reveals


A recent report from cybersecurity firm ESET indicates that hackers believed to have ties to the Belarusian government have been systematically targeting foreign diplomats within the country for nearly a decade. The group, which ESET has named "MoustachedBouncer", is believed to target diplomatic officials by intercepting their internet connections at the ISP level, which points to a close working relationship with the Belarusian government.


ESET's report highlights that since 2014, the MoustachedBouncer group has focused its efforts on at least four foreign embassies located in Belarus, representing European, South Asian, and African nations. ESET researcher Matthieu Faou explained that the group's main goal seems to be the acquisition of confidential documents, although specific details about their motives remain uncertain.


The technique ESET documented tampers with network traffic so that a target's Windows machine believes it is connected to a network with a captive portal. The target is then directed to a malicious site posing as a Windows Update page, which warns the victim that critical security updates must be installed immediately.
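A defender-side check for the lure described above, added here as an example and not taken from the ESET report: Windows concludes it is behind a captive portal when its connectivity probe (an HTTP request to www.msftconnecttest.com/connecttest.txt that should return exactly "Microsoft Connect Test") comes back altered or redirected, so logging and classifying that probe response on a sensitive network exposes on-path tampering. The probe endpoint and body are Windows' own behaviour; the hostnames and responses below are constructed samples.

```python
"""Classify responses to the Windows connectivity probe (NCSI).

Added example, not from the ESET report. Windows treats any probe answer other
than HTTP 200 with the body "Microsoft Connect Test" as a captive portal and
opens the portal page in a browser, so an on-path adversary who rewrites the
probe can steer the user to a page it controls. Samples below are constructed."""
from dataclasses import dataclass, field
from urllib.parse import urlparse

NCSI_BODY = "Microsoft Connect Test"
MICROSOFT_DOMAINS = ("microsoft.com", "windowsupdate.com", "msftconnecttest.com")


@dataclass
class ProbeResponse:
    status: int
    body: str = ""
    headers: dict = field(default_factory=dict)


def _is_microsoft_host(host: str) -> bool:
    # Exact match or a proper subdomain; "evilmicrosoft.com" must not pass.
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in MICROSOFT_DOMAINS)


def classify_probe(resp: ProbeResponse, portal_expected: bool = False) -> str:
    """Return internet, expected_portal, unexpected_portal or impersonation.

    portal_expected: True on networks (hotel Wi-Fi) where a sign-in page is
    normal; False on an office LAN, where any portal deserves an alert."""
    if resp.status == 200 and resp.body == NCSI_BODY:
        return "internet"
    # Anything else is what Windows shows as a captive portal: a redirect,
    # or a 200 whose body is not the expected probe text.
    location = resp.headers.get("Location", "")
    host = (urlparse(location).hostname or "") if location else ""
    # A sign-in page whose hostname borrows Windows Update / Microsoft wording
    # but is not on a Microsoft domain matches the lure described in the text.
    if host and any(w in host.lower() for w in ("windows", "microsoft", "update")):
        if not _is_microsoft_host(host):
            return "impersonation"
    return "expected_portal" if portal_expected else "unexpected_portal"
```

The hostname heuristic only catches lures that advertise themselves; an unexpected portal on a wired network where none is configured is the stronger signal and should be alerted on regardless of the redirect target.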


Despite MoustachedBouncer's decade-long operation, there's little evidence of their activities between 2014 and 2018. Researchers at ESET stumbled upon their attack in February 2022, following Russia's invasion of Ukraine, during an incident aimed at diplomats in a European embassy directly connected to the ongoing conflict.


While the exact mechanics of how MoustachedBouncer intercepts and alters traffic, an "adversary-in-the-middle" (AitM) technique, remain unclear, ESET's experts suggest that the group's success might be due to collaboration with Belarusian ISPs. Such cooperation could give the hackers access to a lawful-intercept system comparable to Russia's SORM, which is built for the same purpose.


Notably, Belarus has had a long-standing surveillance system in place, requiring telecom providers to ensure compatibility with the SORM system, as detailed in a 2016 Amnesty International report.


ESET's findings underscore the group's ability to remain under the radar even while targeting high-profile individuals like diplomats. Although few malware samples were available for analysis, ESET's researchers noted that MoustachedBouncer's careful operations and prolonged success in compromising significant targets demonstrate a meticulous approach to its activities.
