this post was submitted on 10 Aug 2023
16 points (100.0% liked)

Technology

39454 readers
248 users here now

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:

This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 3 years ago
MODERATORS
alyaza@beehaw.org
TheRtRevKaiser@beehaw.org
gyrfalcon@beehaw.org
rs5th@beehaw.org
SemioticStandard@beehaw.org
TheRtRevKaiser@kbin.social
coldredlight@beehaw.org
remington@beehaw.org
16
[ESET Research] MoustachedBouncer: Espionage against foreign diplomats in Belarus, probably collaborating with the Belarus government, by tricking Windows OS (www.welivesecurity.com)
submitted 2 years ago* (last edited 2 years ago) by Elephant0991@lemmy.bleh.au to c/technology@beehaw.org
0 comments fedilink hide all child comments
 

News article: https://techcrunch.com/2023/08/10/belarus-hackers-target-foreign-diplomats/

News Summary

  • A hacking group with apparent links to the Belarusian government has been targeting foreign diplomats in the country for nearly 10 years.
  • The group, which ESET has dubbed MoustachedBouncer, has likely been hacking or at least targeting diplomats by intercepting their connections at the internet service provider (ISP) level, suggesting close collaboration with Belarus' government.
  • Since 2014, MoustachedBouncer has targeted at least four foreign embassies in Belarus: two European nations, one from South Asia, and another from Africa.
  • ESET first detected MoustachedBouncer in February 2022, days after Russia invaded Ukraine, with a cyberattack against specific diplomats in the embassy of a European country "somehow involved in the war."
  • The hacking group is able to trick the target's Windows operating system into believing it's connected to a network with a captive portal. The target is then redirected to a fake and malicious site masquerading as Windows Update, which warns the target that there are "critical system security updates that must be installed."
  • It's not clear how MoustachedBouncer can intercept and modify traffic, but ESET researchers believe it's because Belarusian ISPs are collaborating with the attacks, allowing the hackers to use a lawful intercept system similar to the one Russia deploys, known as SORM.
  • Once ESET researchers found the attack last February and analyzed the malware used, they were able to discover other attacks - the oldest dating back to 2014 - although there is no trace of them between 2014 and 2018.
  • MoustachedBouncer’s activity spans from 2014 to 2022 and the TTPs of the group have evolved over time.
no comments (yet)
sorted by: hot top controversial new old
there doesn't seem to be anything here