LONDON: Hackers suspected of working for Russia's foreign intelligence agency targeted dozens of diplomats at embassies in Ukraine with a fake used car advert in a bid to break into their computers, according to a cybersecurity firm report seen by Reuters.
The wide-reaching espionage activity targeted diplomats working in at least 22 of the roughly 80 foreign missions in Ukraine's capital, Kyiv, analysts at the Palo Alto Networks' Unit 42 research division said in the report, due to be published later on Wednesday.
"The campaign began with an innocuous and legitimate event," said the report. "In mid-April 2023, a diplomat within the Polish Ministry of Foreign Affairs emailed a legitimate flyer to various embassies advertising the sale of a used BMW 5-series sedan located in Kyiv".
The Polish diplomat, who declined to be identified citing security concerns, confirmed the role of his advertisement in the digital intrusion.
The hackers, known as APT29 or "Cozy Bear", intercepted and copied that flyer, embedded it with malicious software, then sent it to dozens of other foreign diplomats working in Kyiv, Unit 42 said.
"This is staggering in scope for what generally are narrowly scoped and clandestine advanced persistent threat (APT) operations," said the report, using an acronym often used to describe state-backed cyberespionage groups.
In 2021, U.S. and British intelligence agencies identified APT29 as an arm of Russia's foreign Intelligence Service, the SVR. The SVR did not respond to a request from Reuters for comment about the hacking campaign.
In April, Polish counterintelligence and cybersecurity authorities warned that the same group had conducted a "widespread intelligence campaign" against NATO member states, the European Union, and Africa.
Researchers at Unit 42 were able to tie the fake car advert back to the SVR because the hackers re-used certain tools and techniques which have previously been connected to the spy agency.
"Diplomatic missions will always be a high-value espionage target," the Unit 42 report said. "Sixteen months into the Russian invasion of Ukraine, intelligence surrounding Ukraine and allied diplomatic efforts are almost certainly a high priority for the Russian government".
USED BMW
The Polish diplomat said he had sent the original advert to various embassies in Kyiv, and that someone had called him back because the price looked "attractive".
"When I checked, I realised they were talking about a slightly lower price," the diplomat told Reuters.
SVR hackers, it turns out, had listed the diplomat's BMW for a lower price - 7,500 euros - in their fake version of the advert, in an attempt to encourage more people to download malicious software that would give them remote access to their devices.
That software, Unit 42 said, was disguised as an album of photographs of the used BMW. Attempts to open those photographs would have infected the target's machine, the report said.
Twenty-one of the 22 embassies targeted by the hackers and subsequently contacted by Reuters did not provide comment. It was not clear which embassies, if any, had been compromised.
A U.S. State Department spokesperson said they were "aware of the activity and based on the Directorate of Cyber and Technology Security's analysis found it did not affect Department systems or accounts."
As for the car, it was still available, the Polish diplomat told Reuters:
"I'll try to sell it in Poland, probably," he said. "After this situation, I don't want to have any more problems".
Reuters
Wed Jul 12 2023
The fake used car advert created by hackers suspected of working for Russia's foreign intelligence agency in a bid to break into the computers of dozens of diplomats at embassies in Ukraine. - Unit 42/via REUTERS
Ramsay reveals hundreds of lucky cat statues stolen from new restaurant
Gordon Ramsay says about 477 Japanese cat models called maneki-neko were stolen from his Lucky Cat 22 Bishopsgate restaurant.
Zayn Rayyan case: Two child witnesses complete testimony today
So far, 20 prosecution witnesses, including the two children, have been called for this trial, according to the Deputy Public Prosecutor.
Macron says he will tell Trump not to be weak with Putin in Washington visit
Emmanuel Macron says showing any weakness to Russia's Vladimir Putin would make it harder to deal with China and Iran.
Israeli PM Netanyahu says Hamas will pay for not returning Shiri Bibas
Netanyahu accuse Hamas of acting "in an unspeakably cynical manner" by placing body of a Gaza woman in the coffin instead of Shiri Bibas.
Trump pulls US out of key global climate assessment, sources say
The US is a co-chair along with Malaysia of a working group on climate mitigation, or ways to reduce greenhouse gas emissions.
Japan to court Tesla on Nissan investment, FT reports
The group hopes Tesla will invest strategically, believing it's interested in acquiring Nissan's US plants, the report says.
185 children linked to GISB handed over to families - Exco
The children have been handed over to their families on bond with conditions by the court.
IRS fires 6,000 employees as Trump slashes US government
The move will eliminate roughly 6% of the agency's workforce in the midst of the busy tax-filing season.
Elon Musk wields chainsaw at conservative gathering, a gift from Argentina's Milei
This is the chainsaw for bureaucracy, says Elon Musk.
![[OPINION] For never again the world must know more about the Khojaly genocide](https://resizer-awani.eco.astro.com.my/tr:w-177,h-100,q-100,f-auto/https://img.astroawani.com/2025-02/41740112820_KhazarUniversity.jpg "[OPINION] For never again the world must know more about the Khojaly genocide")
[OPINION] For never again the world must know more about the Khojaly genocide
For Azerbaijanis, the Khojaly genocide is more than a historical event - it is a collective trauma that shapes their identity and worldview.
Israeli military says body released by Hamas is not of a hostage
Two bodies were identified as infants, but a third, believed to be their mother, Shiri, didn't match any hostage and remains unidentified.
Key takeaways from Trump-Putin talks: Ukraine, energy, NATO, sanctions
Here's what is known so far about what was discussed.
![[COLUMNIST] Whose rights? Islam, eurocentrism and the limits of human rights](https://resizer-awani.eco.astro.com.my/tr:w-177,h-100,q-100,f-auto/https://img.astroawani.com/2024-09/41726025526_UnitedNations.jpg "[COLUMNIST] Whose rights? Islam, eurocentrism and the limits of human rights")
[COLUMNIST] Whose rights? Islam, eurocentrism and the limits of human rights
For as long as rights are understood on Occidental terms, problems would inevitably remain. What is needed is an appreciation of diversity.
Argentina court clears 3 accused in singer Liam Payne's death
The court upheld the pre-trial detention of a hotel employee and a restaurant waiter held since last month.
Spanish ex-soccer boss Rubiales sentenced to pay fine over kiss without consent
Court also acquits Luis Rubiales' three co-defendants accused of attempting to coerce Jenni Hermoso into saying the kiss was consensual.
King’s health significantly improved after treatment - PM
Datuk Seri Anwar Ibrahim says he had the opportunity to seek an audience with the King twice during his official visit to Bahrain.
Why Trump wants the US Department of Education shut down
The vast majority of US children attend the country's free public schools, which are a big employer and economic engine.
How did a jet flip upside down on a Toronto runway and everyone survive?
Here is what we know about this accident and similar crashes.
TIMELINE - Trump's remarks on plan to take over Gaza, displace Palestinians
The plan has been condemned globally, with Palestinians, Arab nations and rights experts saying it was tantamount to "ethnic cleansing."
'No to drugs' signboards mooted as condition for concert permit
Datuk Hussein Omar Khan says it was part of their recommendations as efforts to curb drug taking at entertainment events.