Russia-based hackers recently launched targeted attacks against European embassies across the globe. The hackers used malicious email attachments, which were disguised as "top secret" US government documents, to gain full access to their victims' systems.
The malware used by the cybercriminals is designed to weaponize TeamViewer, the popular remote access sharing software. According to researchers at Check Point, who discovered the attack, the Russian hackers targeted European embassies based in Nepal, Kenya, Guyana, Italy, Lebanon, Liberia and Bermuda.
"It is hard to tell if there are geopolitical motives behind this campaign by looking solely at the list of countries it was targeting, since it was not after a specific region and the victims came from different places in the world," Check Point researchers wrote in a blog. "Nevertheless, the observed victims list reveals a particular interest of the attacker in the public financial sector, as they all appear to be handpicked government officials from several revenue authorities."
Given that the campaign specifically targeted individuals in government revenue departments, Check Point security experts suggest that the motive of the attackers may be financial. The researchers were also able to identify a Russian-speaking cybercriminal who, they believe, was in charge of all the hacking tools crafted for and deployed in this campaign.
The cybercriminal, who goes by the pseudonym "EvaPiks" on several underground cybercrime forums, appears to have been careless enough to have left a trail of digital breadcrumbs that led to Check Point's researchers uncovering his/her online history and persona. This suggests that the attackers may not possess the advanced skill sets that are common among the perpetrators of high-profile cyber-espionage campaigns.
"On the one hand, from the findings we have described, this appears to be a well thought-out attack that carefully selects a handful of victims and uses tailored decoy content to match the interests of its target audience," Check Point researchers said. "On the other hand, some aspects of this attack were carried out with less caution, and have exposed details that are usually well disguised in similar campaigns, such as the personal information and online history of the perpetrator, as well as the outreach of their malicious activity."
This article originally appeared in IBTimes US.