LONDON: Hackers suspected of working for Russia's foreign intelligence agency targeted dozens of diplomats at embassies in Ukraine with a fake used car advert in a bid to break into their computers, according to a cybersecurity firm report seen by Reuters.
The wide-reaching espionage activity targeted diplomats working in at least 22 of the roughly 80 foreign missions in Ukraine's capital, Kyiv, analysts at Palo Alto Networks' Unit 42 research division said in the report, due to be published later on Wednesday.
"The campaign began with an innocuous and legitimate event," said the report. "In mid-April 2023, a diplomat within the Polish Ministry of Foreign Affairs emailed a legitimate flyer to various embassies advertising the sale of a used BMW 5-series sedan located in Kyiv".
The Polish diplomat, who declined to be identified citing security concerns, confirmed the role of his advertisement in the digital intrusion.
The hackers, known as APT29 or "Cozy Bear", intercepted and copied that flyer, embedded it with malicious software, then sent it to dozens of other foreign diplomats working in Kyiv, Unit 42 said.
"This is staggering in scope for what generally are narrowly scoped and clandestine advanced persistent threat (APT) operations," said the report, using an acronym often used to describe state-backed cyberespionage groups.
In 2021, U.S. and British intelligence agencies identified APT29 as an arm of Russia's Foreign Intelligence Service, the SVR. The SVR did not respond to a request from Reuters for comment about the hacking campaign.
In April, Polish counterintelligence and cybersecurity authorities warned that the same group had conducted a "widespread intelligence campaign" against NATO member states, the European Union, and Africa.
Researchers at Unit 42 were able to tie the fake car advert back to the SVR because the hackers re-used certain tools and techniques which have previously been connected to the spy agency.
"Diplomatic missions will always be a high-value espionage target," the Unit 42 report said. "Sixteen months into the Russian invasion of Ukraine, intelligence surrounding Ukraine and allied diplomatic efforts are almost certainly a high priority for the Russian government".
USED BMW
The Polish diplomat said he had sent the original advert to various embassies in Kyiv, and that someone had called him back because the price looked "attractive".
"When I checked, I realised they were talking about a slightly lower price," the diplomat told Reuters.
SVR hackers, it turns out, had listed the diplomat's BMW for a lower price - 7,500 euros - in their fake version of the advert, in an attempt to encourage more people to download malicious software that would give the hackers remote access to the recipients' devices.
That software, Unit 42 said, was disguised as an album of photographs of the used BMW. Attempts to open those photographs would have infected the target's machine, the report said.
Twenty-one of the 22 embassies targeted by the hackers and subsequently contacted by Reuters did not provide comment. It was not clear which embassies, if any, had been compromised.
A U.S. State Department spokesperson said they were "aware of the activity and based on the Directorate of Cyber and Technology Security's analysis found it did not affect Department systems or accounts."
As for the car, it was still available, the Polish diplomat told Reuters:
"I'll try to sell it in Poland, probably," he said. "After this situation, I don't want to have any more problems".
Reuters
Wed Jul 12 2023
The fake used car advert created by hackers suspected of working for Russia's foreign intelligence agency in a bid to break into the computers of dozens of diplomats at embassies in Ukraine. - Unit 42/via REUTERS