Belarusian hackers attack foreign diplomats through local Internet providers

Author: Anhelina Sheremet

In Belarus, hackers linked to the government have been attacking foreign diplomats in the country for almost 10 years.

This is stated in a report by ESET, a company that develops antivirus software.

The report covers the activities of a recently discovered government hacking group, which the company has named MustachedBouncer. According to ESET, the group hacked, or at least targeted, diplomats by intercepting their connections at the Internet Service Provider (ISP) level, which involves close cooperation with the government of Belarus. Since 2014, MustachedBouncer has attacked at least four foreign embassies in Belarus: two European, one from South Asia, and one from Africa.

ESET said it first discovered MustachedBouncer in February 2022, days after Russia invaded Ukraine, in a cyberattack targeting specific diplomats at a European country's embassy.

It is not clear how MustachedBouncer can intercept and modify traffic. ESET researchers believe that Belarusian ISPs are involved in the attacks, which allows the hackers to use a legitimate interception system.

ESET researchers discovered the attack last February and analyzed the malware used, which allowed them to identify other attacks, the oldest of which dates back to 2014. Between 2014 and 2018, there were no cyberattacks.

"The operators were trained to find some sensitive documents, but we are not sure exactly what they were looking for. They operate only inside Belarus against foreign diplomats. We have never seen any MustachedBouncer attacks outside of Belarus," noted ESET researcher Matthieu Faou in an interview with TechCrunch.