Russian Hackers Attack Foreign Diplomats in Ukraine Using Cheap BMW Ad
In a clever and unconventional act of espionage, Russian hackers used a fake BMW advert to attack foreign diplomats in Ukraine. According to analysts at Palo Alto Networks' Unit 42 research division, hackers targeted 22 of the 80 embassies located in Kyiv, sending them the advertisement flyer.
Though it's unclear which embassies were compromised, dozens of diplomats potentially fell for the trap. The attack was traced back to APT29, or "Cozy Bear", a Russian cyber espionage group backed by the country's foreign intelligence service SVR.
Here's How the Hackers Carried Out the Cyber Attack
Interestingly, the cyber-attack began with a legitimate advert by a Polish diplomat selling a used 2011 BMW 5-series sedan from the F-10 generation in Kyiv. The diplomat, who's part of the Polish Ministry of Foreign Affairs, emailed the flyer advertising the sale to various embassies.
The BMW 5-series was already an attractive choice for the victims, and the low price set by the hackers ensured that they'd be checking it out.
However, the advertisement was intercepted by the APT29 unit, who copied it and embedded it with malicious software meant to break into infected computers. The hackers also edited the advert to reduce the price further, setting it at only 7,500 Euros to make it attractive.
This copy of the flyer was then sent out to dozens of other foreign diplomats located in Kyiv.
According to the report by Unit 42, APT29 disguised the malicious software as an album of photographs of the advertised car. Anybody attempting to open the album would unknowingly download the software, allowing the hackers to access their computers remotely.
The cyber-attack came to light when the Polish diplomat received a call from an interested buyer who received APT29's copy of the flyer.
The caller told him that the price was attractive, following which the Polish diplomat eventually checked the advert and realized that they were talking about a slightly lower price. "I'll try to sell it in Poland, probably," he said later, adding that he didn't want any more problems after this incident.
More About the APT29 Unit and Its Activities
APT29 is a Russian cyber threat group that began operations in 2008 and gained prominence after 2014.
Also known as CozyBear, CozyCar, CozyDuke, and Office Monkeys, the group carried out a series of precise attacks on high-profile targets, including the US White House, the Democratic National Committee, and the Department of State in 2014.
The US and British Intelligence agencies in 2021 identified the group as an arm of SVR, the Russian foreign intelligence service. However, the APT29 unit is generally known to be very precise and secretive in its operations.
"This is staggering in scope for what generally are narrowly scoped and clandestine advanced persistent threat (APT) operations." (Unit 42 report)
The Polish counterintelligence and cyber security authorities in April warned of a "widespread intelligence campaign" carried out by the group against the European Union, Africa, and NATO member states.
The report affirmed that diplomatic missions will always remain high-value targets for espionage missions. At a time when the Russian invasion of Ukraine has been going on for sixteen months, obtaining intelligence on diplomatic efforts by Ukraine and its allies is naturally a top priority for Russia.
The post Russian Hackers Attack Foreign Diplomats in Ukraine Using Cheap BMW Ad appeared first on The Tech Report.