Hackers turn Bangladeshi embassy website into cryptomining scheme

Almost the entire embassy website appears to be compromised, with nearly every attempt to access a URL ending in a request to save a malicious file.
An embassy in Cairo belonging to Bangladesh was hit pretty hard. (Pexels)

The websites of foreign embassies are often where people go to download visa applications and other documents. They are also ripe openings for embedding malware.

Criminal hackers have taken notice. In the case of the Bangladesh Embassy in Cairo, attackers appear to be using the website to mine cryptocurrency, according to research published Wednesday by SpiderLabs, the security team of Chicago-based company Trustwave.

Almost the entire embassy website appears to be compromised, with nearly every attempt to access a URL ending in a request to save a malicious file, the researchers said. Only three of 69 antivirus engines detected the infected website as malicious.

“This level of compromise usually indicates the attacker’s ability to not only upload their own data, but also change the web server’s configuration,” SpiderLabs’ Nikita Kazymirskyi wrote in a blog post.


The hackers appear to have breached the website in October. In January, SpiderLabs noticed a Microsoft Word document hosted on the site with an embedded malicious script. Researchers say the hackers are exploiting a known vulnerability in Word that, according to the National Vulnerability Database, allows for remote code execution.

“It is possible that the intruders who injected the web miner into the site decided to make a shift from web mining to machine infection in order to install a more persistent cryptominer on victim machines,” Kazymirskyi wrote.

The hackers don’t seem to be of the advanced persistent threat variety associated with nation-states, Kazymirskyi wrote: they are noisy and the malicious Word file wasn’t tailored to those browsing the website.

As of Wednesday, the Bangladeshi embassy site was still compromised despite the researchers’ efforts to contact the hosts, SpiderLabs said.

Sean Lyngaas

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.

Latest Podcasts