Security News > 2023 > August > Researchers Uncover Years-Long Cyber Espionage on Foreign Embassies in Belarus
A hitherto undocumented threat actor operating for nearly a decade and codenamed MoustachedBouncer has been attributed to cyber espionage attacks aimed at foreign embassies in Belarus.
"To compromise their targets, MoustachedBouncer operators tamper with their victims' internet access, probably at the ISP level, to make Windows believe it's behind a captive portal," Faou said.
"While the compromise of routers in order to conduct AitM on embassy networks cannot be fully discarded, the presence of lawful interception capabilities in Belarus suggests the traffic mangling is happening at the ISP level rather than on the targets' routers," Fou said.
Also used in the January 2020 attack aimed at diplomats of a Northeast African country in Belarus is a C# dropper referred to as SharpDisco, which facilitates the deployment of two plugins by means of a reverse shell in order to enumerate connected drives and exfiltrate files.
The commands supported by the modular implant allow the threat actor to search for files matching a specific pattern, read, copy, and remove files, write to files, copy directories, and create arbitrary processes.
"The main takeaway is that organizations in foreign countries where the internet cannot be trusted should use an end-to-end encrypted VPN tunnel to a trusted location for all their internet traffic in order to circumvent any network inspection devices," Faou said.
News URL
https://thehackernews.com/2023/08/researchers-uncover-decade-long-cyber.html