Security researchers gave mixed grades to a recently discovered hacking campaign targeting government finance authorities and embassies.
On the one hand, the attacks used carefully crafted decoy documents to trick carefully selected targets into installing malware that could gain full control of computers.
On the other, a developer involved in the operation sometimes discussed the work in public forums.
The campaign has been active since at least 2018, when it sent Excel documents claiming to contain top-secret US data to people inside governments and embassies in Europe, security firm Check Point reported in a post published Monday.
Macros in the documents would send a screenshot and user details of the target’s PC to a control server and then install a malicious version of TeamViewer that claimed to offer additional functionality.
A poorly secured control server allowed Check Point researchers to periodically see screenshots that were uploaded from infected computers, at least until the server was locked down.