Russian hackers are hijacking computers at embassies (updated)

It doesn't appear to be a state-backed campaign.

Russian hackers have apparently launched cyberattacks against embassies, although it might not be the kind of campaign you're expecting. Check Point Research reports that the attackers have attempted to compromise PCs at embassies for countries like Italy, Bermuda and Kenya by tricking officials into loading malware. Most often, they emailed Excel spreadsheets with malicious macros that would hijack a computer using the popular remote access app TeamViewer.

The attackers don't seem to be state-backed, though. They've also attacked government officials at "several" revenue authorities, and Check Point noted that there have been similar campaigns that targeted Russian speakers. At least one of the culprits, nicknamed EvaPiks, has been linked to a hacking forum where card theft was a subject of discussion. The intruders may be "financially motivated" based on this evidence, Check Point said.

As it is, the group is occasionally sloppy. While it planned the campaign and created false documents specific to each target, some parts of the campaign have left the attacker's personal info exposed. If this is a state attack, it wasn't a particularly good one. Not that this is much comfort to victims -- they've had potentially sensitive data exposed to crooks who intend to abuse it.

Update 4/25 1:10PM ET: The initially sourced account of what happened was inaccurate. Check Point tells Engadget that the attackers didn't hit US embassies -- instead, they used the US State Department as a decoy to attack others' embassies. We've updated the article accordingly.