Check Point Research has put out a new report which reveals that several U.S. embassies in different countries have been targeted by Russian hackers. Emails with malicious attachments that were disguised as official State Department documents were sent to officials in these embassies. They were mainly Excel sheets with malicious macros which appeared to have come from the State Department.
U.S. embassies in countries like Italy, Nepal, Bermuda, Lebanon, Kenya, and others were targeted in these attacks. Once the malicious files were opened, the hackers would be able to get full control of the affected computer through infecting TeamViewer, which is a widely used remote access service.
“They all appear to be handpicked government officials from several revenue authorities,” the report mentions, highlighting that it’s difficult to say whether there are geopolitical motives behind this hacking campaign which also targeted government finance officials.
The attacks are believed to have been carefully planned with the malicious documents being based on the victims’ interests thus raising the chances of them being opened. However, some parts of the attack were carried out less carefully in which the browsing history and personal information of the perpetrator were exposed. It’s also believed that these attacks may not be state-sponsored and that the hackers may have financial motivations instead.