Trojanized TeamViewer Used in Targeted Attacks Against Multiple Embassies
A recent cyberattack campaign employed a weaponized version of TeamViewer and malware disguised as a top-secret US government document to target officials in several embassies in Europe.
The malware, phishing documents, and other artifacts used in the attacks all appear to be the work of a single individual using the handle EvaPiks, who's been active in an illegal Russian carding forum for some time. What's still not entirely clear is whether the same individual is also carrying out the attacks alone or whether others are involved, according to researchers at Check Point Software Technologies, who spotted the attacks.
"According to our findings, we can tell that EvaPiks is behind the development of the entire infection chain," says Lotem Finkelsteen, threat intelligence group manager at Check Point. But the type of victims being targeted, and the multiple-stage nature of the attacks, are more indicative of nation-sponsored actors or sophisticated cyber groups, he says.