Security researchers have claimed that for almost ten years, hackers with connections to the Belarusian government have been targeting foreign diplomats stationed there.
On Thursday, the antivirus company ESET released a report detailing the activities of a recently uncovered government hacking group that the company has dubbed MoustachedBouncer.
According to ESET, the group has likely been hacking or at the very least targeting diplomats by intercepting their connections at the level of the internet service provider, indicating close cooperation with the Belarusian government.
At least four foreign embassies have been attacked by MoustachedBouncer since 2014: two European, one South Asian, and two African.
“The operators were trained to find some confidential documents, but we’re not sure exactly what they were looking for,” ESET researcher Matthieu Faou told TechCrunch in advance of his presentation at the Black Hat cybersecurity conference in Las Vegas.
“They are operating only inside Belarus against foreign diplomats. So we have never seen any attack by MoustachedBouncer outside of Belarus.”
Days after Russia invaded Ukraine in February 2022, ESET claimed to have discovered MoustachedBouncer in a cyberattack against specific diplomats in the embassy of a European nation “somehow involved in the war,” Faou said, declining to identify the nation.
By tampering with network traffic, the hacking group is able to trick the target’s Windows operating system into believing it is connected to a network with a captive portal.
It is unclear exactly how MoustachedBouncer intercepts and modifies traffic, a technique known as adversary-in-the-middle, or AitM, but ESET researchers think Belarusian ISPs are supporting the attacks, enabling the hackers to use a lawful intercept system akin to the one Russia uses, known as SORM.