- The Washington Times - Tuesday, April 23, 2019

Embassies in Europe have wound up on the receiving end of an ongoing hacking campaign with roots in Russia, a multinational cybersecurity firm warned Monday.

Researchers at Check Point reported becoming aware of a weaponized spreadsheet being emailed to targets described as “government finance authorities and representatives in several embassies in Europe.”

Attached to emails bearing the subject “Military Financing Program,” the booby-trapped document bears the seal of the U.S. State Department and claims to contain top secret information that can only be accessed if the recipient follows instructions that actually execute malicious code on their computer, according to the report.



Individuals who opened the purported State Department spreadsheet and followed the included steps would have allowed attackers to gain “full control” of the infected computer, Check Point reported.

Among the intended targets were officials representative of Nepal, Guyana, Kenya, Italy, Liberia, Bermuda and Lebanon, the report found.

“It is hard to tell if there are geopolitical motives behind this campaign by looking solely at the list of countries it was targeting, since it was not after a specific region and the victims came from different places in the world,” Check Point reported. “Nevertheless, the observed victims list reveals a particular interest of the attacker in the public financial sector, as they all appear to be handpicked government officials from several revenue authorities.”

Despite having some hallmarks of a well-thought-out attack, Check Point reported that its researchers were able to trace the malicious code to a Russian speaker who has previously shared excerpts on internet hacking forums using the handle “EvaPiks.”

While far from definitive attribution, Check Point is hardly the only cybersecurity firm to spot Russian hackers using the State Department to stage attacks. FireEye and CrowdStrike both reported late last year that “Cozy Bear,” the name given by cybersecurity professionals to hackers associated with Russian intelligence, was suspected of impersonating State Department employees as part of a phishing scheme targeting potential victims across several critical sectors.

“We can confirm that no Department networks were compromised,” a State Department official told The Washington Times on Wednesday.

Founded in 1993 in Tel Aviv, Israel, Check Point boasted deferred revenues of $1.3 billion in its first-quarter report earlier this week, a 13 percent increase year over year.

Check Point was able to stop the hacking campaign using proprietary cybersecurity services, according to its report.

• Andrew Blake can be reached at ablake@washingtontimes.com.
