What fools these mortals be: ‘Shakespearean’ hackers hit Azerbaijani government and energy sectors

Hackers are throwing references to Shakespeare in code being used to target the country's wind industry.
Shakespeare hackers
The statue of William Shakespeare at Leicester Square in London. Hackers have started throwing reference to Shakespeare into code. (Getty Images)

A mysterious set of hackers has in recent months launched data-stealing attacks against Azerbaijan government officials and companies in the country’s wind industry, researchers from Cisco Talos said Thursday.

The attackers are using a new hacking tool, whose code is littered with references to English playwright William Shakespeare, to try to gain remote access to target computers and exfiltrate data automatically.

The allusion to Shakespeare is an enigma, as is the culprit. What is clear is that Azerbaijan faced a concerted effort to steal data from sensitive assets in and out of government.

The hackers mimicked the Azerbaijani government’s email infrastructure in a likely attempt to pluck login credentials from officials. “The actor monitored specific directories, signaling they wanted to exfiltrate certain information on the victims,” Talos researchers said in a blog post.


The hackers have also shown an “interest” in the control systems, known as Supervisory Control and Data Acquisition (SCADA) systems, used in wind turbines in Azerbaijan, according to Talos. The researchers declined to detail the activity they observed involving SCADA systems.

Azerbaijan — an oil-rich country wedged between Iran and Russia — has recently made big investments in wind energy. Companies from Saudi Arabia and the United Arab Emirates will invest $400 million in large wind and solar projects, Azerbaijan’s energy minister said in February.

It is unclear how many of the attacks were successful. A spokesperson for the Azerbaijan government did not respond to a request for comment.

“We can gauge their attacks as purely espionage-focused for now but they could have easily taken enough information, credentials and important files to be able to carry out further activities such as ransom[ware] attacks,” Talos threat researcher Warren Mercer told CyberScoop in an email.

Like many hacking campaigns in recent weeks, the hackers who hit Azerbaijani organizations worked the novel coronavirus pandemic into their attacks. A document purporting to be a government count of COVID-19 cases was laced with malicious code.


For now, the cyber activity has stopped, Mercer said. But new malware, and perhaps a new hacking group, is on the radar of cybersecurity teams.

Sean Lyngaas

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.

Latest Podcasts