LONDON (Reuters) – Hackers suspected of working for Russia’s foreign intelligence agency have launched a sophisticated cyber espionage campaign targeting diplomats at embassies in Ukraine. According to a report by cybersecurity firm Palo Alto Networks’ Unit 42 research division, the hackers used a fake used car advert as a decoy to infiltrate diplomats’ computers. The report, set to be published later today, reveals that at least 22 out of approximately 80 foreign missions in Kyiv were affected.
The campaign was initiated when a diplomat from the Polish Ministry of Foreign Affairs sent a legitimate car advert featuring a used BMW 5-series sedan for sale in Kyiv to various embassies. The Polish diplomat confirmed the role of his advertisement in the digital intrusion.
APT29, also known as “Cozy Bear,” the notorious Russian hacking group, intercepted and manipulated the legitimate flyer, embedding it with malicious software, before distributing it to multiple foreign diplomats in Kyiv. The report highlighted the scope of this operation, describing it as “staggering” compared to typical advanced persistent threat (APT) activities, which tend to be highly targeted and secretive.
The SVR, Russia’s Foreign Intelligence Service, is believed to be responsible for APT29. In 2021, US and British intelligence agencies identified APT29 as affiliated with the SVR. However, the SVR has not responded to Reuters’ request for comment on this hacking campaign. Earlier this year, Polish counterintelligence and cybersecurity authorities issued warnings about APT29 conducting extensive intelligence operations targeting NATO member states, the European Union, and Africa.
Palo Alto Networks’ Unit 42 researchers were able to link the fake car advert to the SVR because the hackers employed tools and techniques previously associated with the spy agency. The report also emphasized the high-value nature of diplomatic missions as targets for espionage, particularly during a time when Russia’s invasion of Ukraine continues.
The Polish diplomat, who originally sent the advert, disclosed that several embassies reached out to him, enticed by the attractive price mentioned in the advert. However, upon investigation, the diplomat discovered that the hackers had altered the price to make it more enticing. The hackers listed the diplomat’s BMW for 7,500 euros in their version of the advert, aiming to lure individuals into downloading malicious software disguised as an album of photographs of the car. Opening these photographs resulted in the target’s device becoming infected with malware.
While Reuters contacted 22 embassies targeted in the cyberattack, only one provided comment. Currently, it remains unclear which embassies, if any, fell victim to the hacking operation. The US State Department, on the other hand, stated that its systems and accounts were not impacted by the attack.
As for the diplomat’s car, it is still available for purchase. However, he intends to sell it in Poland instead. With the hacking incident causing significant trouble, he aims to avoid any further problems.
(Reporting by James Pearson; Editing by Conor Humphries)
Credit: The Star : News Feed