A US-based cybersecurity firm has identified a cyber-attack by a Russian intelligence agency against embassies in Ukraine by hacking a used car advert, according to Reuters.

In April a Kyiv-based Polish diplomat sent out an emailed flyer to other embassies offering his second-hand BMW 5 series car for sale.

Screenshot of the “car for sale” advertisement

Analysts at the Palo Alto Networks’ Unit 42 research division identified that the original advertisement had been intercepted by the hacking group APT29 / Cozy Bear, which is allegedly affiliated to one or more Russian intelligence agencies.

Having intercepted the original legitimate email, the hackers copied it, embedded malicious software into the flyer and then sent their copy to a large number of foreign embassies in Kyiv.

Advertisement

They had lowered the original asking price in their version of the circular, which was sent as an attachment to the email in an attempt to encourage recipients to open it; the hackers software was concealed in one of the photos of the car. Once opened it would potentially infect their systems with Cozy Bear’s software giving the hackers control of their network.

A spokesperson for Unit 42 is quoted as saying: “This is staggering in scope for what generally are narrowly scoped and clandestine advanced persistent threat (APT) operations.” The acronym APT is often used to describe cyber-based espionage, sabotage or service disruption attacks by state-backed hacking groups.

Two Kyiv Hospitals Evacuate Over Feared Russian Strikes
Other Topics of Interest

Two Kyiv Hospitals Evacuate Over Feared Russian Strikes

Kyiv officials announced evacuation of two hospitals after KGB chief in Moscow-allied Belarus said on national television that the buildings hosted military personnel “hiding behind sick children.”

APT29 has been linked to a number of attacks against NATO and European Union member embassies and foreign ministries through “spear-phishing” emails or links to infected websites. Its activities have been linked to both Russia’s foreign intelligence service (SVR) and its federal security service (FSB)

Researchers at Unit 42 believe that the fake car advertisement used tools and techniques that have been previously linked to the SVR.

Unit 42 told Reuters that “Diplomatic missions will always be a high-value espionage target. Sixteen months into the Russian invasion of Ukraine, intelligence surrounding Ukraine and allied diplomatic efforts are almost certainly a high priority for the Russian government.”

Advertisement

It is believed that individuals from 22 embassies received the email and all but one would not provide a comment when contacted by Reuters. There is no information on which, if any, of the targeted embassies were compromised.

The Polish diplomat who originally advertised the car commented: “I’ll try to sell it in Poland, probably…  I don’t want to have any more problems.”

To suggest a correction or clarification, write to us here
You can also highlight the text and press Ctrl + Enter
Kyiv Post
Kyiv Post
The Kyiv Post is Ukraine's English-language newspaper and proud winner of the 2014 Missouri Honor Medal for Distinguished Service in Journalism. The newspaper's first print edition came out on Oct. 18, 1995, and went online in 1997.
RELATED ARTICLES
Ukraine Army Commander Says Situation 'Worsened' War in Ukraine
Ukraine Army Commander Says Situation 'Worsened'
By AFP
6 hours ago
Moscow Claims Forces Took Control of Village in Eastern Ukraine War in Ukraine
Moscow Claims Forces Took Control of Village in Eastern Ukraine
By AFP
8 hours ago
Supporting and Building Ukrainian Science EXCLUSIVE
OPINION: Supporting and Building Ukrainian Science
By Charles Cockell
11 hours ago
Sponsored content

Comments (0)

https://www.kyivpost.com/assets/images/author.png
Best Oldest Newest
Write the first comment for this!
« Previous Russian Veto Scuppers Syria Aid Lifeline Extension
Next » ‘A Blatant Backroom Deal’ - Russians Outraged by Ukraine’s Svitolina Reaching Wimbledon Semi-Finals