Russian hackers attacked the computers of diplomats at 22 foreign embassies in Kyiv using an advertisement for a cheap BMW.
Reuters reported this, citing a report by the cyber security company Palo Alto Networks Unit 42.
In mid-April 2023, a diplomat of the Ministry of Foreign Affairs of Poland sent an e-mail to various embassies announcing that he was selling a used BMW 5 Series sedan in Kyiv. However, hackers from APT29, also known as "Cozy Bear", intercepted and copied this ad, inserted malware into it and sent it to dozens of other foreign diplomats working in Kyiv. The malware was disguised as a BMW photo album.
The Polish diplomat confirmed the role of his advertisement in the cyber attack.
The Polish diplomat said he sent the original ad to various embassies in Kyiv and that someone called him back because the price looked "attractive." "When I checked, I realized that they were talking about a slightly lower price," the diplomat noted. It turned out that the hackers listed a lower price for the diplomatʼs BMW — €7 500 — to get more people to click on the ad.
Unit 42 researchers were able to link the fake car ad to Russiaʼs Foreign Intelligence Service because the hackers reused certain tools and techniques they had used before.
In 2021, US and British intelligence services identified APT29 as a unit of Russiaʼs Foreign Intelligence Service. In April 2023, Polish counterintelligence and cyber security agencies warned that the group had conducted a "large-scale intelligence campaign" against NATO member states, the European Union and Africa.