According to a report in Check Point Research, Russian hackers attacked several European embassies by sending them malicious email attachments disguised as official documents.
The European embassies in Italy, Guyana, Nepal, Liberia, Bermuda, Lebanon and Kenya were targeted by the hackers. The malicious email attachment looked like a document from United States State Department and contained Microsoft Excel sheets that contained macros, once those macros were opened, the hackers took complete control of the infected system through TeamViewer, which is a popular remote access service.
According to the Press release “It is hard to tell if there are geopolitical motives behind this campaign by looking solely at the list of countries it was targeting,” it further added “since it was not after a specific region and the victims came from different places in the world”According to the Checkpoint government officials from revenue were the intended target “They all appear to be handpicked government officials from several revenue authorities,” the press release says.
CheckPoint suggested that the attackers are from Russia but denied the possibility of a state-sponsored attack. One of the hackers was traced back and it was found that it has a registration on a carding forum as a username “Evapiks,” the hacker has instructed how to carry out cyberattacks on forums. Because of the attacker’s involved in the carding community, checkPoint suggested the attack could have been “Money motivated”