European embassies targeted by Russian hackers

Russian hackers recently attacked a number of embassies in Europe by emailing malicious attachments


57
97 shares, 57 points
crispbot

“It is hard to tell if there are geopolitical motives behind this campaign by looking solely at the list of countries it was targeting,” the press release says, “since it was not after a specific region and the victims came from different places in the world.”

Russian hackers recently attacked a number of embassies in Europe by emailing malicious attachments disguised as official State Department documents to officials, according to a new report from Check Point Research.

Government finance officials were also subject to these attacks, and Check Point notes that these victims were of particular interest to the hackers. “They all appear to be handpicked government officials from several revenue authorities,” the press release says.

While Russian in origin, it’s unlikely that these attacks were state-sponsored. One perpetrator was traced back a hacking and carding forum and registered under the same username, “EvaPiks,” on both. EvaPiks posted instructions for how to carry out this kind of cyberattack on forums and advised other users as well.

The hackers appeared to be highly sophisticated, carefully planning out the attacks, using decoy documents tailored to their victim’s interests, and targeting specific government officials. At the same time, other stages of the attack were carried out with less caution leaving personal information and browsing history belonging to the perpetrator exposed.

Check Point identified several other similar attack campaigns, including some targeting Russian-speaking victims as well.

The hackers targeted European embassies in Nepal, Guyana, Kenya, Italy, Liberia, Bermuda, and Lebanon, among others. They typically emailed the officials Microsoft Excel sheets with malicious macros that appeared to have originated from the United States State Department. Once opened, the hackers were able to gain full control of the infected computer by weaponizing installed software called TeamViewer, a popular remote access service.

Due to the attackers’ background in the illegal carding community, Check Point suggested that they could have been “financially motivated.”


Like it? Share with your friends!

57
97 shares, 57 points

What's Your Reaction?

confused confused
0
confused
fun fun
2
fun
geeky geeky
0
geeky
hate hate
0
hate
lol lol
1
lol
love love
0
love
omg omg
2
omg
win win
1
win

0 Comments

Choose A Format
Personality quiz
Series of questions that intends to reveal something about the personality
Trivia quiz
Series of questions with right and wrong answers that intends to check knowledge
Poll
Voting to make decisions or determine opinions
Story
Formatted Text with Embeds and Visuals
List
The Classic Internet Listicles
Countdown
The Classic Internet Countdowns
Open List
Submit your own item and vote up for the best submission
Ranked List
Upvote or downvote to decide the best list item
Meme
Upload your own images to make custom memes
Video
Youtube and Vimeo Embeds
Audio
Soundcloud or Mixcloud Embeds
Image
Photo or GIF
Gif
GIF format