Russian-Speaking Cybercriminals Target European Embassies

Russian-speaking cybercriminals have launched phishing attacks against several European embassies located in Italy, Liberia, Kenya, and other countries. The attackers sent phishing emails to embassy officials, posing as representatives of the U.S. Department of State.

Details of the Attack

According to researchers from Check Point, the malicious emails contained Microsoft Excel documents titled “Military Financing Program” and marked as “Top Secret.” When recipients enabled the malicious macros in these documents, two files were extracted. Notably, a malicious TeamViewer DLL library (TV.DLL) was downloaded onto the targeted system.

Evidence of Russian Involvement

Researchers identified the attackers as Russian-speaking based on Cyrillic characters and even entire documents in Russian that were accidentally left behind. However, Check Point experts believe these cybercriminals are not politically motivated or government-sponsored hackers. Their victims are spread across various geopolitical regions worldwide.

Primary Targets and Motives

The cybercriminals appear to be particularly interested in tax officials, who are among the victims. The researchers suggest that the attackers are motivated by financial gain rather than political objectives.

Identifying the Perpetrators

Investigators managed to track down one of the cybercriminals, known as EvaPiks, who is registered on several hacker and carding forums. EvaPiks has published instructions for carrying out these types of cyberattacks and has provided consultations to others. Given the attackers’ connections to the carding community, researchers believe their main goal is financial profit.