Hackers suspected of working for Russian foreign intelligence targeted dozens of diplomats at embassies in Ukraine with a fake used car ad in an attempt to hack into their computers, according to a report by a cybersecurity firm seen by Reuters.

The massive spying activity targeted diplomats working in at least 22 of the roughly 80 foreign missions in the Ukrainian capital, Kyiv, analysts at Palo Alto Networks’ Unit 42 research unit said in a report to be released later Wednesday.

“The campaign began with a harmless and legal event,” the report says. “In mid-April 2023, a diplomat from the Polish Ministry of Foreign Affairs sent a legitimate leaflet to various embassies by e-mail advertising the sale of a used BMW 5 Series sedan, located in Kyiv.”

A Polish diplomat, who declined to be identified for security reasons, confirmed the role of his ad in the digital intrusion.

Hackers known as APT29 or “Cosy Bear” intercepted and copied the ad, inserted malware into it, and then sent it to dozens of other foreign diplomats working in Kyiv, Unit 42 said.

“This is on a staggering scale for what are typically clandestine and small-scale Advanced Persistent Threat (APT) operations,” the report said, using an acronym often used to describe state-sponsored cyber espionage groups.

APT29 group, branch of the Foreign Intelligence Service of Russia

In 2021, US and UK intelligence agencies identified the APT29 group as a branch of Russia’s Foreign Intelligence Service (SVR). The SVR did not respond to Reuters’ request for comment on the hacking campaign.

In April, Polish counterintelligence and cyber security agencies warned that the same group had carried out a “large-scale espionage campaign” against NATO members, the European Union and Africa.

Unit 42 researchers were able to link the fake car ad to the SVR because the hackers reused certain tools and techniques previously associated with the spy agency.

“Diplomatic missions will always be a high-value target for espionage,” the Unit 42 report said. “After 16 months of Russian invasion of Ukraine, intelligence on Ukraine and allied diplomatic efforts is almost certainly a high priority for the Russian government.”

Used BMW

The Polish diplomat said he sent the original ad to various embassies in Kyiv and that someone called him because the price seemed “attractive.”

“When I checked, I realized they were talking about a slightly lower price,” the diplomat told Reuters.

The SVR hackers reportedly listed the diplomat’s BMW at a lower price of €7,500 in a fake version of the ad, in an attempt to trick more people into downloading malware that would give the hackers remote access to the victims’ devices.

According to Unit 42, the malware was disguised as an album of photos of the BMW for sale. Attempts to open these photos could infect the device on which they were opened, the report said.

“I will try to sell in Poland”

Twenty-one of the 22 embassies targeted by the hackers and later contacted by Reuters did not respond to requests for comment. It was not clear which embassies were compromised and which were not.

A State Department official said it was “aware of this activity and, based on the Office of Cybersecurity and Technology’s review, concluded that it did not affect the Department’s systems or accounts.”

As for the car, it was still available, the Polish diplomat told Reuters:

“I will probably try to sell in Poland,” he said. “After this situation, I don’t want to have any more problems.”