February 17, 2023
Check Point Research, the threat intelligence arm of a major Israel-based cybersecurity company, has published detailed research about a sophisticated attack against Armenian targets.
The specific attack described in the research involved the name of Alexander Lapshin, a Russian-Israeli travel blogger, journalist, and human rights activist, who was detained in Belarus in 2016 and extradited to Azerbaijan over his visit to Nagorno-Karabakh. He was detained in Azerbaijan for 9 months. After his release from Baku prison, Lapshin took the case to the European Court of Human Rights and won. The ECHR mandated that Azerbaijan pay 30,000 Euros as compensation. After the verdict, Lapshin publicly posted a picture of the credit card he opened to receive his compensation, issued by the Armenian Artsakhbank.
Interestingly, this story seems to have made Lapshin’s name an attractive lure for the attackers targeting the bank. Lapshin wrote about this at the time.
Our team at CyberHUB-AM worked with Check Point Research and Alexander Lapshin to investigate the details of the attack against ArtsakhBank. We also think that the attackers might have targeted more victims in Armenia and would welcome any feedback, samples of emails and malware for further research.
Overall, the details in the research indicate that the underlying threat actors have kept developing AutoIt-based malware for the last seven years and are using it in surveillance campaigns whose targets are consistent with Azerbaijani interests.
The full research is available here.