Connect with us

Hi, what are you looking for?


Russian hackers lured embassy workers in Ukraine with an ad for a cheap BMW

LONDON — Hackers suspected of working for Russia’s foreign intelligence agency targeted dozens of diplomats at embassies in Ukraine with a fake used car advert in a bid to break into their computers, according to a cybersecurity firm report seen by Reuters.

The wide-reaching espionage activity targeted diplomats working in at least 22 of the roughly 80 foreign missions in Ukraine’s capital, Kyiv, analysts at the Palo Alto Networks’ Unit 42 research division said in the report, due to be published later on Wednesday.

“The campaign began with an innocuous and legitimate event,” said the report. “In mid-April 2023, a diplomat within the Polish Ministry of Foreign Affairs emailed a legitimate flyer to various embassies advertising the sale of a used BMW 5-series sedan located in Kyiv.”

The Polish diplomat, who declined to be identified citing security concerns, confirmed the role of his advertisement in the digital intrusion.

The hackers, known as APT29 or “Cozy Bear,” intercepted and copied that flyer, embedded it with malicious software, then sent it to dozens of other foreign diplomats working in Kyiv, Unit 42 said.

“This is staggering in scope for what generally are narrowly scoped and clandestine advanced persistent threat (APT) operations,” said the report, using an acronym often used to describe state-backed cyberespionage groups.

In 2021, US and British intelligence agencies identified APT29 as an arm of Russia’s foreign Intelligence Service, the SVR. The SVR did not respond to a request from Reuters for comment about the hacking campaign.

In April, Polish counterintelligence and cybersecurity authorities warned that the same group had conducted a “widespread intelligence campaign” against NATO member states, the European Union, and Africa.

Researchers at Unit 42 were able to tie the fake car advert back to the SVR because the hackers re-used certain tools and techniques which have previously been connected to the spy agency.

“Diplomatic missions will always be a high-value espionage target,” the Unit 42 report said. “Sixteen months into the Russian invasion of Ukraine, intelligence surrounding Ukraine and allied diplomatic efforts are almost certainly a high priority for the Russian government.”

The Polish diplomat said he had sent the original advertisement to various embassies in Kyiv, and that someone had called him back because the price looked “attractive.”

“When I checked, I realized they were talking about a slightly lower price,” the diplomat told Reuters.

SVR hackers, it turns out, had listed the diplomat’s BMW for a lower price — 7,500 euros — in their fake version of the advert, in an attempt to encourage more people to download malicious software that would give them remote access to their devices.

That software, Unit 42 said, was disguised as an album of photographs of the used BMW. Attempts to open those photographs would have infected the target’s machine, the report said.

Twenty-one of the 22 embassies targeted by the hackers and subsequently contacted by Reuters did not provide comment. It was not clear which embassies, if any, had been compromised.

A U.S. State Department spokesperson said they were “aware of the activity and based on the Directorate of Cyber and Technology Security’s analysis found it did not affect Department systems or accounts.”

As for the car, it was still available, the Polish diplomat told Reuters:

“I’ll try to sell it in Poland, probably,” he said. “After this situation, I don’t want to have any more problems”. — Reuters

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Get the daily email that makes reading the news actually enjoyable. Stay informed and entertained, for free.
Your information is secure and your privacy is protected. By opting in you agree to receive emails from us. Remember that you can opt-out any time, we hate spam too!



THE Board of Investments (BoI) said it endorsed for green-lane treatment a P50-billion common passive telecommunications tower infrastructure project which it expects to generate...


THE Department of Trade and Industry (DTI) said manufacturers had arrived at a “consensus” to delay price increases until the end of 2023. “What...


THE Department of Budget and Management (DBM) said it wants to keep disbursements above 20% of gross domestic product (GDP) to ensure the government...


PROPOSALS to tax junk food as well as raise the current tax on sweetened beverages are not feasible, a senior legislator said. “On a...


THE Intellectual Property Office of the Philippines (IPOPHL) said internet service providers (ISPs) have committed to act promptly in disabling sites that are subject...


THE National Privacy Commission (NPC) asked the public to exercise caution in the use of an artificial intelligence (AI)-supported application that renders user photographs...

You May Also Like

Top News

As the world seeks sustainable and energy-efficient solutions for heating and cooling, the heat pump market is experiencing a significant surge. According to the...


The Toto site’s user-friendly interface makes it easy for both beginners and experienced gamblers to navigate through the various features. “¸ÔÆ¢Æú¸®½º site is a...


Almost 100 jobs are thought to be under threat at smart home energy technology manufacturer myenergi. The Grimsby firm, named one of the UK’s...


JUNIOR FERREIRA-UNSPLASH The Philippines is a very small power market by ASEAN standards, with market demand peaking at 15 gigawatts (GW) compared to Thailand’s...

Disclaimer:, its managers, its employees, and assigns (collectively "The Company") do not make any guarantee or warranty about what is advertised above. Information provided by this website is for research purposes only and should not be considered as personalized financial advice. The Company is not affiliated with, nor does it receive compensation from, any specific security. The Company is not registered or licensed by any governing body in any jurisdiction to give investing advice or provide investment recommendation. Any investments recommended here should be taken into consideration only after consulting with your investment advisor and after reviewing the prospectus or financial statements of the company.

Copyright © 2021 SmartRetirementReport. All Rights Reserved.