Hacker group APT29 – Russian eavesdropping on embassies in Kiev

Hackers believed to work for Russia’s foreign intelligence service have attempted to break into the computers of dozens of embassy employees in Ukraine. This is according to a report from a cybersecurity company that has been viewed by Reuters. The broad espionage activity has targeted diplomats in at least 22 of some 80 foreign missions in Kiev, according to analysts from Palo Alto Networks’ Unit 42 research arm.

“In mid-April 2023, a Polish Foreign Ministry diplomat emailed several embassies a legitimate leaflet advertising the sale of a used BMW 5 Series sedan in Kiev,” said the report, due to be released later on Wednesday. A Polish diplomat, who asked not to be named for security reasons, confirmed this. The hackers, known as APT29 or “Cozy Bear,” intercepted the flyer, copied it, embedded malware in it and then sent it to dozens of other foreign diplomats working in Kiev, Unit 42 said.

“This is a staggering size for the usually tightly contained and clandestine Advanced Persistent Threats (APT) operations,” said the report, which uses an acronym commonly used to describe state-backed cyber-espionage groups.

Cyber arm of the Russian secret service
In 2021, US and UK intelligence agencies identified APT29 as a branch of the Russian foreign intelligence agency SVR. The SVR did not respond to a request from Reuters for comment on the hacking campaign.

In April, Polish counterintelligence and cybersecurity authorities warned that the same group was conducting a “broad intelligence campaign” against NATO member states, the European Union and Africa.

The Unit 42 investigators were able to link the fake car ad to the SVR because the hackers reused certain tools and techniques previously linked to the spy agency.

“High-value spy target”
“Diplomatic missions will always remain a valuable espionage target,” the Unit 42 report said. “Sixteen months after the Russian invasion of Ukraine, intelligence on Ukraine and allied diplomatic efforts are certainly a high priority for the Russian government.”

It turned out that the SVR hackers had listed the diplomat’s BMW in their fake version of the ad at a lower price – €7,500 – to get more people to download the malware, which would give the hackers remote access to the victims’ devices.

According to Unit 42, this software was disguised as a photo album of the used BMW. Attempts to open these photos would have infected the target’s computer, the report said.

Embassies silent
Of the 22 embassies targeted by the hackers and subsequently contacted by Reuters, 21 declined to comment. It was not clear which embassies, if any, had been compromised. A spokesman for the US State Department said it was aware of the activity and determined, based on the analysis by the Directorate of Cyber and Technology Security, that the department’s systems or accounts had not been compromised.

The car is still available, the Polish diplomat told Reuters: “I will probably try to sell it in Poland,” he said. “After this situation, I don’t want to have any more problems.”

Source: Krone
