Russian hackers targeted diplomats at nearly 2 dozen embassies in Ukraine with ad for a cheap BMW: report

Fake ad lowered price of BMW 5-series sedan for sale in Kyiv, Palo Alto Networks says

Hackers believed to be working on behalf of Russia’s foreign intelligence agency have targeted diplomats in nearly two dozen embassies in Ukraine by trying to get them to interact with a fake ad about a used BMW for sale in Kyiv, a report says. 

The scheme, which was uncovered by the Unit 42 research division at cybersecurity firm Palo Alto Networks, reached at least 22 of the 80 foreign missions currently active in Ukraine’s capital, according to Reuters. 

"The campaign began with an innocuous and legitimate event," the news agency quoted a report from Unit 42 as saying, adding that, "In mid-April 2023, a diplomat within the Polish Ministry of Foreign Affairs emailed a legitimate flyer to various embassies advertising the sale of a used BMW 5-series sedan located in Kyiv." 

Unit 42 said the suspected Russian hacking group, known as APT29, then intercepted the flyer, edited it to lower the vehicle’s price and embedded malicious software before emailing it to other diplomats in the region, Reuters reported. 

The fake used car ad created by hackers suspected of working for Russia's foreign intelligence agency in a bid to break into the computers of dozens of diplomats at embassies in Ukraine, is pictured in this undated handout picture. (Unit 42/Handout via REUTERS / Reuters Photos)

The doctored advertisement tried to encourage recipients to open a purported album of photographs of the used car for sale, and if they did, it would install software that would give the hackers remote access to their machines, the news agency added, citing the Unit 42 report. 

"Diplomatic missions will always be a high-value espionage target," Unit 42 reportedly said. "Sixteen months into the Russian invasion of Ukraine, intelligence surrounding Ukraine and allied diplomatic efforts are almost certainly a high priority for the Russian government."

It is unclear how many embassies or computers have been affected by the scheme. 

A U.S. State Department spokesperson told Reuters it is "aware of the activity and based on the Directorate of Cyber and Technology Security's analysis found it did not affect Department systems or accounts." 

The ad was trying to sell a used BMW 5-Series sedan for around $8,300. The 2011 version of the car, which is the one for sale, is shown here. (May Tse/South China Morning Post via Getty Images / Getty Images)

Unit 42 linked the hacking effort to APT29 – which was identified by U.S. and British intelligence in 2021 as being part of Russia’s SVR foreign intelligence agency – through tools and techniques they previously have used in their work, according to Reuters. 

The Polish diplomat behind the original advertisement said someone called him to say the price of the vehicle was "attractive," and "when I checked, I realized they were talking about a slightly lower price," Reuters also reported.  

The American embassy in Kyiv, Ukraine, is shown here in May 2022. The State Department told Reuters its staff was not affected by the hacking scheme. (Anatolii Siryk/ Ukrinform/Future Publishing via Getty Images)

He told Reuters that the car is still on the market. 

"I'll try to sell it in Poland, probably," he said. "After this situation, I don't want to have any more problems."