Hackers believed to be working on behalf of Russia’s foreign intelligence agency have targeted diplomats in nearly two dozen embassies in Ukraine by trying to get them to interact with a fake ad about a used BMW for sale in Kyiv, a report says.
The scheme, which was uncovered by the Unit 42 research division at cybersecurity firm Palo Alto Networks, reached at least 22 of the 80 foreign missions currently active in Ukraine’s capital, according to Reuters.
"The campaign began with an innocuous and legitimate event," the news agency quoted a report from Unit 42 as saying, adding that, "In mid-April 2023, a diplomat within the Polish Ministry of Foreign Affairs emailed a legitimate flyer to various embassies advertising the sale of a used BMW 5-series sedan located in Kyiv."
Unit 42 said the suspected Russian hacking group, known as APT29, then intercepted the flyer, edited it to lower the vehicle’s price and embedded malicious software before emailing it to other diplomats in the region, Reuters reported.
The fake used car ad created by hackers suspected of working for Russia's foreign intelligence agency in a bid to break into the computers of dozens of diplomats at embassies in Ukraine, is pictured in this undated handout picture. (Unit 42/Handout via REUTERS / Reuters Photos)
The doctored advertisement tried to encourage recipients to open a purported album of photographs of the used car for sale, and if they did, it would install software that would give the hackers remote access to their machines, the news agency added, citing the Unit 42 report.
"Diplomatic missions will always be a high-value espionage target," Unit 42 reportedly said. "Sixteen months into the Russian invasion of Ukraine, intelligence surrounding Ukraine and allied diplomatic efforts are almost certainly a high priority for the Russian government".
It is unclear how many embassies or computers have been affected by the scheme.
A U.S. State Department spokesperson told Reuters it is "aware of the activity and based on the Directorate of Cyber and Technology Security's analysis found it did not affect Department systems or accounts."
The ad was trying to sell a used BMW 5-Series sedan for around $8,300. The 2011 version of the car, which is the one for sale, is shown here. (May Tse/South China Morning Post via Getty Images / Getty Images)
Unit 42 linked the hacking effort to APT29 – which was identified by U.S. and British intelligence in 2021 as being part of Russia’s SVR foreign intelligence agency – through tools and techniques they previously have used in their work, according to Reuters.
The Polish diplomat behind the original advertisement said someone called him to say the price of the vehicle was "attractive," and "when I checked, I realized they were talking about a slightly lower price," Reuters also reported.
The American embassy in Kyiv, Ukraine, is shown here in May 2022. The State Department told Reuters its staff was not affected by the hacking scheme. (Anatolii Siryk/ Ukrinform/Future Publishing via Getty Images)
He told Reuters that the car is still on the market.
"I'll try to sell it in Poland, probably," he said. "After this situation, I don't want to have any more problems."