MoustachedBouncer is a cyberespionage group discovered by ESET Research and first publicly disclosed in this blogpost. The group has been active since at least 2014 and only targets foreign embassies in Belarus. Since 2020, MoustachedBouncer has most likely been able to perform adversary-in-the-middle (AitM) attacks at the ISP level, within Belarus, in order to compromise its targets. The group uses two separate toolsets that we have named NightClub and Disco.

MoustachedBouncer has been operating since at least 2014. We assess with medium confidence that they are aligned with Belarus's interests. MoustachedBouncer specializes in the espionage of foreign embassies in Belarus. MoustachedBouncer has used the adversary-in-the-middle technique since 2020 to redirect captive portal checks to a C&C server and deliver malware plugins via SMB shares. We believe that MoustachedBouncer uses a lawful interception system (such as SORM) to conduct its AitM operations. We assess with low confidence that MoustachedBouncer is closely cooperating with Winter Vivern, another group targeting European diplomats but using different TTPs.

Since 2014, the group has been operating a malware framework that we have named NightClub. It uses the SMTP and IMAP (email) protocols for C&C communications. Starting in 2020, the group has been using, in parallel, a second malware framework we have named Disco. Both NightClub and Disco support additional spying plugins including a screenshotter, an audio recorder, and a file stealer. The group's intricate tactics, techniques and procedures were also discussed on the ESET Research Podcast.

If you did not enter your License key after installation, you can do so at any time. This is only possible if the correct License key is entered in Help and support > Activate Product. For more detailed information about activation, see How to activate ESET Endpoint Antivirus and enter the credentials you received with your ESET Security product in the License details window.