Check Point, a cybersecurity firm, released a report saying that Russian hackers have recently attacked several European embassies, including those in Italy, Guyana, Nepal, Liberia, Bermuda, Lebanon and Kenya.
The hackers sent these embassies malicious e-mails disguised as US State Department documents, with attached Microsoft Excel spreadsheets containing macros. Once the macros run, the hacker takes complete control of the infected system by using TeamViewer, the popular remote access and sharing software. TeamViewer itself is safe, but the hackers used a piece of malware designed to weaponize it.
The researchers said the attack may have been financially motivated, because several of the targets were officials in embassy finance offices.
The press release says, “It is hard to tell if there are geopolitical motives behind this campaign by looking solely at the list of countries it was targeting. Since it was not after a specific region and the victims came from different places in the world.”
“Nevertheless, the observed victims list reveals a particular interest of the attacker in the public financial sector, as they all appear to be handpicked government officials from several revenue authorities.”
According to the research, the sophisticated hackers planned the attacks carefully. They used decoy documents tailored to their victims’ interests to target specific government officials seamlessly. They did not leave behind their personal information or browsing history after the attack.
The researchers were able to identify a Russian-speaking cybercriminal in the campaign. According to Check Point, it’s unlikely that these attacks were state-sponsored. Instead, they suggested the hackers were “financially motivated.”
Last updated on April 28, 2019 8:04 am