Russian hackers target diplomats with fake car sale emails, malware

The Unit 42 division at Palo Alto Networks, a company specializing in cybersecurity, tracked down the hackers.
Paweł Buczkowski

13 August 2024 14:31

A fake email announcing the sale of a car contained malicious code, and the Russian hackers targeted the information on diplomats' computers. The "inspiration" for the group linked to Russian military intelligence was a real email sent by a Polish diplomat.

It all started with a real email from a Polish diplomat who sent an offer to sell a BMW 5 Series car in Kyiv to his contacts.

The hackers, who likely broke into the account of one of the recipients, used a similar method. However, in this case, the attachment carried a virus. The announcement was sent to many diplomatic posts in Kyiv. It was titled: "Diplomatic car for sale".

When a potential buyer wanted to check exactly what the car looked like from different angles, malicious software, known as a backdoor, was activated on their computer. This was a program that gave criminals remote access to the buyer's device.

The Unit 42 division at Palo Alto Networks, a cybersecurity company, traced the hackers. Experts claim that the attack was aimed at diplomats from Eastern European countries, but Poland was not among them.

The attack was believed to have been carried out by the group APT28, also known as Fighting Ursa. The hackers are linked to Russian military intelligence and have previously attacked the German parliament and the US Democratic Party, among others.

"Analyzing the attacks carried out by Fighting Ursa provides insight into the military priorities of Russian services. We predict that, apart from Ukraine, all European countries that are NATO members could be targets of similar attacks," said Wojciech Gołębiowski, Managing Director of Palo Alto Networks in Eastern Europe.
