MoustachedBouncer

MISP

Type:
Nation-state

Country:
BY

First seen:
Unknown

Details:

MoustachedBouncer is a cyberespionage group discovered by ESET Research and first publicly disclosed in August 2023. The group has been active since at least 2014 and only targets foreign embassies in Belarus. Since 2020, MoustachedBouncer has most likely been able to perform adversary-in-the-middle (AitM) attacks at the ISP level, within Belarus, in order to compromise its targets. The group uses two separate toolsets that we have named NightClub and Disco.

MITRE ATT&CK: View on MITRE

Techniques Used (8)

ID	ATT&CK	Tactics
T1027.002	Software Packing	-
T1059.001	PowerShell	-
T1059.007	JavaScript	-
T1068	Exploitation for Privilege Escalation	-
T1074.002	Remote Data Staging	-
T1090	Proxy	-
T1113	Screen Capture	-
T1659	Content Injection	-

References (1)

welivesecurity.com - Moustachedbouncer Espionage Against Foreign Diplomats In Belarus

Related Malware (3)

Disco
other

NightClub
other

SharpDisco
other

Metadata

ID:	427
Created:	13/01/2026 17:48
Updated:	07/03/2026 04:00