Hackers suspected of working for russian foreign intelligence have targeted dozens of diplomats at embassies in Ukraine with a fake used car sales ad in an attempt to hack into their computers, Reuters reports.
The information comes from a report by analysts at Palo Alto Networks' Unit 42. According to their data, the espionage activity was aimed at diplomats working in at least 22 of the approximately 80 foreign missions in Kyiv. The campaign began with a harmless and legitimate event.
“In mid-April 2023, a diplomat within the Polish Ministry of Foreign Affairs emailed a legitimate flyer to various embassies advertising the sale of a used BMW 5-series sedan located in Kyiv,” the report states.
A Polish diplomat, who declined to be named for security reasons, confirmed the role of his advertisement in the digital intrusion. Hackers known as APT29 or Cozy Bear intercepted and copied the flyer, embedded malware in it, and then sent it to dozens of other foreign diplomats working in Kyiv.
In 2021, American and British special services identified APT29 as a unit of the Russian Foreign Intelligence Service. In April, Polish counterintelligence and cyber security authorities warned that the same group had conducted a “large-scale intelligence campaign” against NATO member states, the European Union and Africa.
Unit 42 researchers were able to link the fake car ads to the russian Foreign Intelligence Service because the hackers reused certain tools and techniques previously associated with the spy agency.
It was previously reported that, since April 2023, Microsoft has linked the threat group it tracks as Cadet Blizzard to the Main Directorate of the General Staff of the russian Armed Forces (also known as the GRU).