Hackers monitored four embassies in Belarus

Hackers have been monitoring embassies in Belarus.

This is stated in a study by anti-virus software developer ESET.

The cybercriminals monitored two embassies of European countries, as well as one of a North African country and another of a South Asian country.

The study attributes the activity to a cyberespionage group called MoustachedBouncer. The group has been operating since at least 2014 and has targeted only foreign embassies in Belarus.

The hackers received the text the target was typing on the keyboard, screenshots, and audio from the infected device's microphone. In addition, the hackers could download any files from the device.

The attackers had access to a Belarusian internet provider, which means they were most likely in Belarus themselves.

According to the study, MoustachedBouncer "is closely cooperating" with Winter Vivern, another group of cybercriminals that began operating in 2021. In March 2023, Winter Vivern stole the webmail credentials of diplomats from several European countries.

The hacker group used the adversary-in-the-middle (AitM) technique in its work.

"AitM only occurs against a few selected organizations (perhaps just embassies), not countrywide. It is not possible to reproduce the redirection by simply exiting from a random IP address in Belarus," the study says.

This behaviour was observed in two separate provider networks: Unitary Enterprise A1 and Beltelecom.

"This suggests that those ISPs may not provide full data confidentiality and integrity," ESET said.