EXECUTIVE SUMMARY:

Check Point researchers identified a cyber attack directed towards government officials and financial authorities in embassies across Europe. The attack delivered malware through an infected file, leveraging Teamviewer -the remote access desktop sharing software- to take over a computer.

The subject line of the malicious emails bore the words, “Military Financing Program”. The files themselves sported an official looking U.S. Department of State emblem, and featured the label “Top Secret.”

Tracking the entire infection chain enabled researchers to observe the unique characteristics of this attack, and to deconstruct its inner workings. Read about the technical details here.

Check Point’s researchers note that “Although the attackers have worked hard to make the document appear convincing, they seem to have overlooked some Cyrillic artifacts…that could potentially reveal more information about the source of the attack.” The attack’s perpetrators appear to be Russian speaking, and may have targeted Russian speaking victims.

A partial list of countries where officials were targeted has been assembled. Based on the locales, it remains unclear as to whether or not geopolitical motives bellied this cyber crime, but an interest in the world of finance is evident.

Check Point’s Threat Emulation and Threat Extraction Software are responsible for the successful detection of the malware.

For a closer look at the situation, dig into Check Point’s Research Blog.