LONDON: Hackers suspected of working for Russia's foreign intelligence agency targeted dozens of diplomats at embassies in Ukraine with a fake used car advert in a bid to break into their computers, according to a cybersecurity firm report seen by Reuters.
The wide-reaching espionage activity targeted diplomats working in at least 22 of the roughly 80 foreign missions in Ukraine's capital, Kyiv, analysts at Palo Alto Networks' Unit 42 research division said in the report, due to be published later on Wednesday.
"The campaign began with an innocuous and legitimate event," said the report. "In mid-April 2023, a diplomat within the Polish Ministry of Foreign Affairs emailed a legitimate flyer to various embassies advertising the sale of a used BMW 5-series sedan located in Kyiv".
The Polish diplomat, who declined to be identified citing security concerns, confirmed the role of his advertisement in the digital intrusion.
The hackers, known as APT29 or "Cozy Bear", intercepted and copied that flyer, embedded it with malicious software, then sent it to dozens of other foreign diplomats working in Kyiv, Unit 42 said.
"This is staggering in scope for what generally are narrowly scoped and clandestine advanced persistent threat (APT) operations," said the report, using an acronym often used to describe state-backed cyberespionage groups.
In 2021, U.S. and British intelligence agencies identified APT29 as an arm of Russia's Foreign Intelligence Service, the SVR. The SVR did not respond to a request from Reuters for comment about the hacking campaign.
In April, Polish counterintelligence and cybersecurity authorities warned that the same group had conducted a "widespread intelligence campaign" against NATO member states, the European Union, and Africa.
Researchers at Unit 42 were able to tie the fake car advert back to the SVR because the hackers re-used certain tools and techniques which have previously been connected to the spy agency.
"Diplomatic missions will always be a high-value espionage target," the Unit 42 report said. "Sixteen months into the Russian invasion of Ukraine, intelligence surrounding Ukraine and allied diplomatic efforts are almost certainly a high priority for the Russian government".
USED BMW
The Polish diplomat said he had sent the original advert to various embassies in Kyiv, and that someone had called him back because the price looked "attractive".
"When I checked, I realised they were talking about a slightly lower price," the diplomat told Reuters.
SVR hackers, it turns out, had listed the diplomat's BMW for a lower price - 7,500 euros - in their fake version of the advert, in an attempt to encourage more people to download malicious software that would give the hackers remote access to the recipients' devices.
That software, Unit 42 said, was disguised as an album of photographs of the used BMW. Attempts to open those photographs would have infected the target's machine, the report said.
Twenty-one of the 22 embassies targeted by the hackers and subsequently contacted by Reuters did not provide comment. It was not clear which embassies, if any, had been compromised.
A U.S. State Department spokesperson said they were "aware of the activity and based on the Directorate of Cyber and Technology Security's analysis found it did not affect Department systems or accounts."
As for the car, it was still available, the Polish diplomat told Reuters:
"I'll try to sell it in Poland, probably," he said. "After this situation, I don't want to have any more problems".
Reuters
Wed Jul 12 2023
The fake used car advert created by hackers suspected of working for Russia's foreign intelligence agency in a bid to break into the computers of dozens of diplomats at embassies in Ukraine. - Unit 42/via REUTERS