Polish Military Counterintelligence Service and CERT cybersecurity taskforce have established that a group of hackers was stealing information from diplomatic missions in the EU, NATO member states, and African countries, posing as presentative of embassies of various European countries. They would send emails with attachments that would include phishing links, tricking users into installing malicious software on their devices.
According to the report, the campaign corresponds to the known modus operandi of Nobelium hacker group (as designated by Microsoft), also known as APT29 (as designated by Mandiant cybersecurity firm). The group was behind the high-profile SolarWinds security breach in 2020.
At the same time, this most recent operation used a new type of software. The Polish government said it decided to go public with the discovery, hoping to derail the ongoing hacking campaign.