What just happened? Russian hacking has skyrocketed since the country’s invasion of Ukraine. The latest incident is believed to have involved cybercriminals working at the behest of Russia’s foreign intelligence agency, targeting diplomats at foreign embassies in Ukraine with an advertisement for a cheap BMW.
According to Palo Alto Networks’ Unit 42 research division (via Reuters), dozens of diplomats working in at least 22 of the roughly 80 foreign missions in Ukraine’s capital, Kyiv, were targeted in the attacks.
The campaign began in mid-April when a diplomat within the Polish Ministry of Foreign Affairs emailed a legitimate flyer to various embassies. The flyer was an advertisement for a used BMW 5-series sedan located in Kyiv.
The hackers then intercepted and copied the flyer, embedding malicious software in it before sending it to dozens of other diplomats in Kyiv.
The group responsible, APT29, aka “Cozy Bear,” is an arm of Russia’s Foreign Intelligence Service (SVR). It is believed to have been behind numerous high-profile hacking incidents, including a ransomware attack on Republican National Committee third-party vendor Synnex Corp, an intrusion into the Democrats’ network, the hack on FireEye, and many more.
Unit 42 was able to trace the altered car ad back to the SVR because the hackers reused certain tools and techniques that had previously been linked to the spy agency.
“Diplomatic missions will always be a high-value espionage target,” the Unit 42 report said. “Sixteen months into the Russian invasion of Ukraine, intelligence surrounding Ukraine and allied diplomatic efforts are almost certainly a high priority for the Russian government.”
It wasn’t just the addition of malicious software that Cozy Bear changed in the ad. It also listed the BMW at a lower price of 7,500 euros ($8,292). This was to make it more attractive to potential buyers, who would unknowingly download the software, disguised as an album of photos of the car, thereby allowing the attackers remote access to their devices.
A US State Department spokesperson said it was aware of the activity, and that it did not affect Department systems or accounts. The car is still for sale.
Back in March, a whistleblower leaked files from a Moscow-based defense contractor that allegedly show how the company works with Russian military and intelligence agencies to assist them in hacking operations, training operatives, spreading disinformation, and scanning the internet for vulnerabilities. A month later, we saw Microsoft warn of Russian agents attempting to infiltrate gaming communities.