Powered by MOMENTUMMEDIA
State-based actors are repurposing the stolen credentials of diplomats to fuel further cyber espionage, an Israeli cyber security company has said.
Stolen credentials harvested in widespread info-stealer campaigns are being used to craft highly targeted cyber intelligence operations against ministries of foreign affairs in South Korea, the United Arab Emirates, the Americas and elsewhere in Asia, according to a new report from Israeli cyber security company Hudson Rock.
The initial compromise of diplomatic credentials is largely opportunistic, as info stealers such as Lumma and Redline “cast wide nets”, Hudson Rock said in a 31 August post to its Infostealers.com website.
“These infections are opportunistic, often infecting diplomats via phishing or malicious downloads,” Hudson Rock said.
“When credentials belong to officials with MFA mailbox access, they become high-value targets for APTs seeking geopolitical leverage.”
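The practical check a foreign-ministry or police SOC would want here is to watch for its own domains in stealer logs as they surface, because an entry like the embassy accounts described below means the password is already in the hands of whoever bought the log. The Python below is an added example, not code from the article or from Hudson Rock: it parses a constructed dump in the URL / Username / Password triplet layout that RedLine-style logs are widely reported to use, matches each account against a hypothetical watchlist of ministry domains (mfa.example and ctd.example), and returns the accounts that need a credential reset and session revocation. Every log line, domain and account name is constructed.

```python
"""Triage stealer-log credentials against a domain watchlist.

Added example, not from the article or Hudson Rock. Assumes the common
stealer-log layout of URL / Username / Password triplets (the layout
RedLine-style dumps are widely reported to use). All log lines, domains
and account names below are constructed, not real data.
"""
import re
from collections import defaultdict

# Constructed sample in "Passwords.txt" style. Not real data.
SAMPLE_LOG = """\
URL: https://mail.mfa.example/owa/
Username: embassy.ankara@mfa.example
Password: Hunter2!

URL: https://accounts.google.com/
Username: someone@gmail.example
Password: pass1234

URL: https://webmail.ctd.example/
Username: duty.officer@ctd.example
Password: Summer 2025

URL: https://mail.mfa.example/owa/
Username: embassy.brasilia@MFA.example
Password: Welcome1
"""

# Hypothetical watchlist of domains a SOC monitors in stealer logs.
WATCHLIST = {"mfa.example", "ctd.example"}

# One entry = three consecutive lines; "." never crosses a newline, so a
# password containing spaces is kept whole while trailing whitespace is
# dropped.
ENTRY_RE = re.compile(
    r"URL:\s*(?P<url>\S+)\s*\n"
    r"Username:\s*(?P<user>\S+)\s*\n"
    r"Password:\s*(?P<pw>.*?)\s*(?:\n|$)"
)


def parse_stealer_log(text):
    """Return a list of (url, username, password) triplets from a dump."""
    return [(m["url"], m["user"], m["pw"]) for m in ENTRY_RE.finditer(text)]


def account_domain(username):
    """Lower-cased domain of an e-mail style username, or None otherwise."""
    if "@" not in username:
        return None
    return username.rsplit("@", 1)[1].lower()


def triage(text, watchlist=WATCHLIST):
    """Group watchlisted accounts by domain: {domain: [usernames]}.

    Passwords are deliberately not returned; a hit is enough to act on:
    reset the credential, revoke sessions and refresh tokens, and review
    mailbox rules and forwarding added since the infection, since the
    credential may already have been used rather than merely sold on.
    """
    hits = defaultdict(list)
    for _url, user, _pw in parse_stealer_log(text):
        if account_domain(user) in watchlist:
            hits[account_domain(user)].append(user)
    return dict(hits)


if __name__ == "__main__":
    for domain, accounts in triage(SAMPLE_LOG).items():
        print(f"{domain}: {', '.join(accounts)}")
```

The match is on the account's domain rather than the URL, because stealer logs record whatever URL the browser saved the password for, which for webmail is often a vendor or proxy host rather than the ministry's own name.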
For instance, in May 2025, an info-stealer campaign harvested hundreds of credentials from a computer based in Turkey. Included in the haul were the corporate credentials of the official email account of Oman’s embassy in Ankara.
Then, in June, a Redline info-stealer campaign compromised a computer in Brazil, harvesting the email credentials of Oman’s embassy in the country.
In August of the same year, in a separate incident, the Dream Security Group uncovered a spear-phishing campaign, possibly involving Iranian-linked APTs, using a compromised Omani diplomatic email account linked to its embassy in Paris to distribute targeted malware designed to harvest intelligence during tense Middle East ceasefire talks.
“These credentials, likely stolen through phishing or downloads, could enable APTs to impersonate Omani diplomats, intercept communications on Gulf security or mediation efforts, or launch convincing phishing campaigns, as seen in the Paris embassy case,” Hudson Rock said.
“Oman’s neutral role in diplomacy amplifies the risk, where breaches could escalate tensions through leaked intelligence or missteps.”
Official credentials harvested by info-stealer campaigns also played a part during the recent conflict between India and Pakistan. The APT known as Bitter was able to target the Pakistan Telecommunication Company Limited via a compromised email account belonging to the Islamabad Police’s Counter Terrorism Department.
“The credentials’ authenticity allowed seamless intelligence collection during conflict, showing how info stealers serve as a stepping stone for APTs to achieve geopolitical goals,” Hudson Rock said.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.