Embassy Workers Targeted by Alleged Hackers using Inexpensive BMW Ad

In a sophisticated and expansive cyberespionage operation, hackers believed to be affiliated with Russia’s foreign intelligence agency targeted numerous diplomats at foreign embassies in Ukraine. The cybersecurity firm Palo Alto Networks’ Unit 42 research division revealed this alarming information in a report. The report highlighted that the hackers used a fake used car advert as their means of infiltrating the diplomats’ computers.

The espionage campaign reached diplomats working in at least 22 out of the approximately 80 foreign missions in Kyiv, Ukraine’s capital city. The initial incident that kicked off the campaign involved a diplomat from the Polish Ministry of Foreign Affairs who innocently emailed a legitimate flyer advertising the sale of a used BMW 5-series sedan located in Kyiv to various embassies. The hackers intercepted the flyer, injected it with malicious software, and distributed it to numerous other foreign diplomats working in Kyiv.

The hackers, known as APT29 or “Cozy Bear,” have a history of cyberespionage activities. This particular campaign, however, stands out due to its extensive scale and reach. The report labeled it as a “clandestine advanced persistent threat (APT) operation.” APT29 was already identified in 2021 as a branch of Russia’s Foreign Intelligence Service, known as the SVR.

Unit 42 researchers linked the fake car advert to the SVR because it reused specific tools and techniques previously associated with the spy agency. The report emphasized that diplomatic missions have always been prime targets for espionage, particularly given the Russian government’s likely high priority on intelligence surrounding Ukraine and allied diplomatic efforts.

Reuters interviewed the Polish diplomat behind the original advert, who confirmed his involvement and recounted how he received calls from interested parties commenting on the attractive price. However, upon careful examination, he realized that the callers were referring to a slightly lower price listed in the SVR hackers’ doctored version of the advert. The hackers’ intention was to entice more individuals to download the malicious software disguised as a photo album of the BMW.

It remains unclear which embassies, if any, were compromised by the hackers. Out of the 22 embassies contacted by Reuters, only one provided a comment. The U.S. State Department stated that their systems and accounts were not affected by the cyberattack.

As for the Polish diplomat’s car, he plans to sell it in Poland, expressing a desire to avoid further complications as a result of this incident.

In conclusion, this cyberespionage operation carried out by hackers likely connected to Russia’s foreign intelligence agency serves as a stark reminder of the ongoing threats diplomats and governments face in the digital realm. Such attacks demand constant vigilance and robust cybersecurity measures to safeguard sensitive information and national security.
