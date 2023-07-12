Hackers, reportedly linked to Russia's Foreign Intelligence Service, repurposed an online ad for a used BMW to access the computers of diplomats in more than 20 embassies in Ukraine, according to a new report from the cybersecurity company, Palo Alto Networks.

The company's research division, Unit 42, stated that it observed a diplomat from the Polish Ministry of Foreign Affairs legitimately selling his black BMW 5-series sedan in mid-April.

Just two weeks later, a hacking group known as Cloaked Ursa or APT29, sent out an altered version of the flyer to diplomats at embassies across Kyiv. This version included an American mission and proposed a new "reduced price" of 7,500 euros, according to Unit 42.

The ad included a link for "more high-quality photos," which redirected diplomats to a legitimate webpage. However, as the diplomats clicked through the photos of the car, a malware program stealthily infected their computers in the background.

According to Unit 42, at least one of the malware links was previously flagged by the threat intelligence program, VirusTotal.

The company suggested that the ad would have appealed to diplomats, who often spend short periods at various embassies overseas and might not know where to find reliable transportation.

The group has previously attempted phishing attacks against diplomats through fake event invitations, scheduling emails, and status updates. American agencies identified APT29's suspected ties to the Russian government as far back as 2021.

Approximately 80% of the targeted email addresses were publicly available online, including general inboxes for entire embassies. At least two of the emails contained errors and never reached their intended targets.

It remains unclear whether any of the affected embassies were compromised in any way.

The Polish diplomat who first advertised the car told Reuters it was still available. "I'll try to sell it in Poland, probably," he said. "After this situation, I don't want to have any more problems."