Report: Hacking group use AiTM attacks to spy on diplomats

TechCrunch reports that a government hacking group called MoustachedBouncer has been targeting or hacking diplomats in the Belarusian government for almost 10 years. According to a recently released report by the antivirus company ESET, at least four foreign embassies — one from South Asia, two from Africa, and two from Europe — have been attacked by the group since 2014. The group intercepts the connections of diplomats at the internet service provider (ISP) level. ESET researchers think Belarusian ISPs are helping the attacks, allowing the hackers to utilize a legal intercept system called SORM that is similar to the one used by Russia, although it's unclear how the group uses the adversary-in-the-middle (AitM) tactic to intercept and change traffic. The operators were trained to find some confidential documents, but were not sure exactly what they were looking for, said ESET researcher Matthieu Faou. "They stayed under the radar for a long time."