A huge cyber-attack has been carried out across more than 15 countries, with the hackers targeting former Soviet embassies across the globe.
Embassies in France, Ukraine, China, Poland and others have all been hit by hackers, though the specific state embassies targeted remain undisclosed at the time of writing.
Security researchers at Symantec discovered the attacks, and have claimed the hackers may be backed by a nation state.
According to Symantec, the known malware (called Wipbot and Tavdig) was planted in these embassies to enable the hackers to carry out reconnaissance work and, most worryingly, find human targets.
The firm believes this malware was planted on websites often visited by embassy staff – a technique known as a watering hole attack that ensures maximum throughput.
It’s claimed that if high-profile targets were unearthed by hackers using Wipbot and Tavdig, more complex malware would then be applied (namely Turla, Uroboros, Snake and Carbon).
Most minds would likely jump to the US as the mysterious nation state behind the attack; intriguingly, however, the source of the hacking has been traced back to the UTC +4 timezone, which includes Moscow.
“In one instance, the malware delivered was disguised as a Shockwave installer bundle,” said a Symantec researcher in a statement. “Wipbot was then used to gather further information about the infected computer.”
“If the attackers deemed the victim of interest, it appears likely that a second back door trojan with far greater capabilities was downloaded on to the victim’s computer.”