Belarusian Government-Linked Hackers Target Foreign Diplomats Through Local ISPs

A newly discovered hacking group with apparent ties to the Belarusian government has been targeting foreign diplomats within the country for nearly a decade, according to cybersecurity researchers. ESET, an antivirus company, recently published a report revealing the activities of this group, which it has named MoustachedBouncer.

The group is suspected of hacking or at least targeting diplomats by intercepting their connections at the internet service provider (ISP) level, indicating potential collaboration with the Belarusian government.

MoustachedBouncer, in operation since 2014, has focused on at least four foreign embassies in Belarus, with targets from two European nations, one South Asian nation, and an African country.

The hackers’ modus operandi involves tampering with network traffic so that the target’s Windows machine is redirected to a counterfeit site posing as a Windows Update page, which claims that critical security updates must be installed.

Although the exact method of traffic interception and modification remains uncertain, researchers speculate that Belarusian ISPs are assisting the attacks through a lawful-interception system similar to Russia’s SORM (System of Operative-Investigative Measures). The existence of such a surveillance system in Belarus has been known for years, and Belarusian telecom providers are required to make their networks compatible with SORM.
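Because the tampering happens between the victim and the internet, one host-side check is to send a known plaintext canary request and compare the answer with what a clean path returns. The example below is added here as an illustration and is not code from ESET or from the article; it models the canary on Windows’ own connectivity probe (assumed to fetch http://www.msftconnecttest.com/connecttest.txt and return the body "Microsoft Connect Test"), and the `classify_canary` function and the sample responses are constructed.

```python
"""Flag ISP-level rewriting of a plaintext canary request.

An adversary-in-the-middle that pushes a fake "Windows Update" page
typically answers a plain HTTP request with a redirect or an injected
HTML document instead of the expected small text body. Comparing the
reply against the known-good answer exposes that manipulation.
"""
from dataclasses import dataclass
from urllib.parse import urlparse

# Assumed known-good answer of the connectivity probe (not from the article).
EXPECTED_BODY = b"Microsoft Connect Test"
EXPECTED_HOST = "www.msftconnecttest.com"


@dataclass
class CanaryResponse:
    status: int
    headers: dict
    body: bytes


def classify_canary(resp: CanaryResponse) -> str:
    """Return 'ok' or a short verdict naming the anomaly."""
    # The genuine probe answers 200 directly, so any redirect is suspect,
    # and a redirect off the expected host is the fake-update pattern.
    if 300 <= resp.status < 400:
        host = urlparse(resp.headers.get("Location", "")).hostname or ""
        return "unexpected-redirect" if host == EXPECTED_HOST else f"redirect-off-host:{host or 'unknown'}"
    ctype = resp.headers.get("Content-Type", "").lower()
    head = resp.body.lstrip().lower()
    if "text/html" in ctype or head.startswith(b"<!doctype html") or head.startswith(b"<html"):
        return "html-injected"          # HTML where plain text was expected
    if resp.status != 200:
        return f"bad-status:{resp.status}"
    if resp.body.strip() != EXPECTED_BODY:
        return "body-mismatch"          # payload changed in transit
    return "ok"


def scan(responses: dict) -> list:
    """Run the check over several captured responses; return (name, verdict) alerts."""
    alerts = []
    for name, resp in responses.items():
        verdict = classify_canary(resp)
        if verdict != "ok":
            alerts.append((name, verdict))
    return alerts


# Constructed sample responses, not real captures.
SAMPLES = {
    "clean": CanaryResponse(200, {"Content-Type": "text/plain"}, b"Microsoft Connect Test"),
    "redirected": CanaryResponse(302, {"Location": "http://updates.example.invalid/windows-update"}, b""),
    "injected": CanaryResponse(200, {"Content-Type": "text/html"},
                               b"<html><body>Critical Windows security update required</body></html>"),
}

if __name__ == "__main__":
    for name, verdict in scan(SAMPLES):
        print(f"{name}: {verdict}")
```

A redirect to the probe’s own host is reported separately from one to a foreign host, since only the latter matches the fake-update pattern described above.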

ESET researchers stumbled upon MoustachedBouncer’s activities in February 2022, which led them to uncover other attacks dating as far back as 2014. The group’s ability to fly under the radar for years while targeting high-profile diplomatic figures demonstrates their meticulous approach to operations.


© TechMub. All rights reserved.