Hackers tied to Russia’s spy services have hijacked a Polish diplomat’s advertisement to sell his BMW, spreading malware in an attempt to infiltrate foreign embassies’ networks in Ukraine.
The Kyiv-based diplomat emailed an advertisement about his 2011 BMW 5 series car to dozens of other embassies this spring.
Within two weeks, the hackers had repurposed the advertisement, dropped the price and laced the notice with malware, according to researchers at Unit 42 — part of Californian cyber security firm Palo Alto Networks.
The goal was to entice recipients to click through the images of the €7,500 navy blue sedan with leather trim and a two-litre diesel engine, allowing the hackers to steal data surreptitiously and to gain future access to embassies’ networks.
The researchers say those responsible — who sent the repurposed ad to 22 diplomatic missions in Kyiv — were part of a hacking unit nicknamed Cozy Bear that is tied to Russia’s Foreign Intelligence Service (SVR).
Western officials have tied Cozy Bear to the breaches of the US Democratic National Committee in 2016 and the Republican National Committee in 2021.
Cozy Bear used the BMW ad to hide the so-called spear-phishing link to install a back door into embassies’ networks, a sign of the sophistication of Moscow’s espionage efforts, the researchers say.
Spear-phishing involves crafting targeted, alluring lures that even careful recipients may be tricked into clicking on. Previous examples included an email this year to embassies in Kyiv that pretended to give details of Turkey’s earthquake relief efforts.
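A repurposed lure of the kind described above has a recognisable shape from the defender's side: a later message reuses most of an earlier, legitimate email's wording, arrives from a different sender domain, and introduces links or attachments the original did not carry. The following Python is an added example written for this article; it is not code from Unit 42, Palo Alto Networks or the reporters. Every message, address, price and the 0.7 similarity threshold is constructed for illustration.

```python
"""Repurposed-lure check: flag an email that reuses the text of an earlier,
legitimate message but arrives from a different sender domain and introduces
new links or attachments. Added example for this article; not Unit 42's or
Palo Alto Networks' tooling. Every message, address and threshold below is
constructed for illustration."""
import difflib
import re
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s<>\"']+")


def make_message(sender, subject, body, attachments=()):
    """Build a constructed sample email; attachments are (filename, bytes) pairs."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = "all-missions@example.invalid"
    msg["Subject"] = subject
    msg.set_content(body)
    for name, data in attachments:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg


def body_text(msg):
    """Plain-text body of a message, or '' if it has none."""
    part = msg.get_body(preferencelist=("plain",))
    return part.get_content() if part is not None else ""


def sender_domain(msg):
    """Domain of the From: address, lower-cased."""
    return parseaddr(msg["From"] or "")[1].rsplit("@", 1)[-1].lower()


def link_hosts(text):
    """Set of hostnames referenced by URLs in the text."""
    return {urlparse(u).netloc.lower() for u in URL_RE.findall(text)}


def attachment_names(msg):
    """Filenames of all attachments (empty for a single-part message)."""
    return [p.get_filename() for p in msg.iter_attachments()]


def text_similarity(a, b):
    """Word-level similarity ratio in [0, 1]; autojunk off so short texts compare cleanly."""
    return difflib.SequenceMatcher(None, a.split(), b.split(), autojunk=False).ratio()


def compare_lure(original, suspect, threshold=0.7):
    """Compare a later message against a known-good earlier one.

    Flags the suspect when it keeps most of the original wording, comes from a
    different sender domain, and adds link hosts or attachments the original did
    not carry. The threshold is a constructed starting point, not a tuned value."""
    orig_body, sus_body = body_text(original), body_text(suspect)
    similarity = text_similarity(orig_body, sus_body)
    new_hosts = sorted(link_hosts(sus_body) - link_hosts(orig_body))
    new_files = sorted(set(attachment_names(suspect)) - set(attachment_names(original)))
    sender_changed = sender_domain(original) != sender_domain(suspect)
    return {
        "similarity": round(similarity, 3),
        "sender_changed": sender_changed,
        "new_link_hosts": new_hosts,
        "new_attachments": new_files,
        "flagged": similarity >= threshold and sender_changed and bool(new_hosts or new_files),
    }


# Constructed samples: a legitimate car advert, the same advert re-sent from
# another domain with a lower price and a download link, and a benign re-send
# by the original sender with only the price changed.
AD_BODY = "\n".join([
    "Dear colleagues,",
    "I am selling my 2011 BMW 5 series: navy blue, leather trim, 2.0 litre diesel.",
    "Asking price: EUR 7,500. Photos are attached.",
    "Best regards, Example Diplomat",
])
ORIGINAL_AD = make_message("Example Diplomat <ad@mission.example.invalid>", "Car for sale",
                           AD_BODY, attachments=[("bmw.jpg", b"\xff\xd8constructed")])
REPURPOSED_AD = make_message(
    "Example Diplomat <ad@lookalike.example.invalid>", "Car for sale",
    AD_BODY.replace("7,500. Photos are attached.",
                    "5,900. More photos: https://photos.example.invalid/bmw.zip"))
BENIGN_RESEND = make_message("Example Diplomat <ad@mission.example.invalid>", "Car for sale",
                             AD_BODY.replace("7,500", "6,900"),
                             attachments=[("bmw.jpg", b"\xff\xd8constructed")])

if __name__ == "__main__":
    for label, msg in [("repurposed", REPURPOSED_AD), ("benign", BENIGN_RESEND)]:
        print(label, compare_lure(ORIGINAL_AD, msg))
```

The check is deliberately conjunctive: a price change alone, or a re-send from the same domain, does not trip it, which keeps ordinary follow-ups from being flagged; in practice the known-good baseline would come from the mail store rather than being constructed inline as here.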
“It’s all about getting their hooks in — especially in Ukraine . . . where they want to get their hooks to the maximum and then make sense of it later,” said Michael Sikorski, Unit 42 vice-president, who labelled the hackers “pretty impressive”.
It is unknown whether any of the targeted missions were successfully infiltrated. A sweep of US systems in Kyiv this month showed nothing, said two people familiar with the matter.
Western cyber security companies, including Palo Alto Networks, Microsoft and Dragos, have contracts to protect Ukrainian customers. This typically involves observing much of the data moving through those customers’ networks.
Sikorski said that, as the malware-laced emails circulated, Unit 42 researchers noted something awry with the attachment and warned the targeted missions within days. He declined to discuss the details of those conversations.
The Polish diplomat declined to comment, as did the Polish Embassy. The car remains unsold.
Russian hackers have flooded Ukraine’s networks since before the full-blown invasion in February 2022, wielding some of the most sophisticated malware seen by western researchers.
They cut off access to a satellite internet system sold by a US company and wiped data from state-owned train and immigration systems in the early days of the war.
US and European security companies, sometimes paid for by Ukraine’s allies, have helped thwart assaults on the country’s energy grid, military systems and the banking network.
But the Russian hackers’ phishing skills have been an issue of concern. One email intercepted last year contained a spreadsheet promising the details of Ukraine’s dead and wounded soldiers.
It purported to have been sent in error, making it difficult for recipients to resist clicking on what promised to be a painful national secret.
Sustained access to an embassy’s emails created a new risk, said Sikorski, now that hackers can repurpose AI systems such as ChatGPT to train off the style of existing conversations.
“We now know that they probably have access to people’s inboxes, and they can then even train off the conversations you’ve had with people historically,” he said.
Additional reporting by Christopher Miller in Kyiv