Cheap BMW Used As Bait by Russian Hackers To Trick Ukrainian Embassy Workers

Cyberespionage remains a serious threat 16 months into the war in Ukraine. Hackers working for Russia's foreign intelligence agency reportedly created a fake car advert in an attempt to break into the computers of several diplomats at embassies across Ukraine.
The car sale ad Russian hackers tried to trick Ukrainian embassy workers with
Photo: Reuters
The hackers targeted dozens of diplomats with the fake car advert, a cybersecurity firm report reveals. The diplomats are active in at least 22 of the roughly 80 foreign missions in Kyiv, the capital of Ukraine, according to analysts at Palo Alto Networks' Unit 42 research division.

They discovered that the campaign began with “an innocuous and legitimate event” back in mid-April 2023. A diplomat supposedly working for the Polish Ministry of Foreign Affairs emailed employees at various embassies to advertise the sale of a used BMW 5 Series sedan that was available in Kyiv.

The Polish diplomat admitted sending the original email to various embassies. Someone even called him back because the price seemed “attractive.” But that was actually the price the hackers had come up with in order to get embassy workers to download the malicious software that would give the hackers remote access to their devices.

The malicious software was disguised as what seemed to be a photo gallery of the used BMW. “More high-quality photos are here,” the flyer read.

Once the email recipients clicked to open the supposed photo gallery, their devices would have been infected.

"When I checked, I realized they were talking about a slightly lower price," he told Reuters. The hackers had listed the BMW for 7,500 euros ($8,351 at the current exchange rate). "The price is reduced!" the ad read in red capital letters.

It was a 2011 F10 BMW 5 Series powered by a 2.0-liter turbodiesel engine, which had clocked 266,000 kilometers (165,284 miles).

The equipment list included black leather interior, two sets of tires for summer and winter, LED lights, power seats, power windows, and so on.

The Polish diplomat will now try to sell his car in his home country, Poland, for the original listed price to avoid any interference from the Russian hackers.

The diplomat refused to be identified, citing security concerns. But that precaution was not enough. The hackers, who are known as APT29 or 'Cozy Bear,' intercepted the email and copied the advertising flyer. They integrated malicious software into it and sent it to dozens of other diplomats working in Kyiv.

The researchers at Unit 42 identified the fake car advert and immediately linked it to the SVR. What helped them was the fact that the hackers used tools and techniques that have previously been connected to the spy agency.

APT29 has been identified as an arm of Russia's Foreign Intelligence Service, the SVR. Reuters tried to get in touch with the SVR, but did not get any feedback on the hacking campaign.

Editor's note: Photo gallery also includes official photos of the BMW 5 Series (F10).

