Fake diplomatic car sale email used to hack Eastern European missions

The Unit 42 division at Palo Alto Networks, a company specialising in cybersecurity, has tracked down the hackers.
Images source: © Getty Images | PeopleImages.com - #2690425
Paweł Buczkowski

13 August 2024 17:56

A fake email announcing the sale of a car contained malicious code, targeting information on diplomats' computers. The group linked to Russian military intelligence was "inspired" by a real email sent by a Polish diplomat.

The incident began with a genuine email from a Polish diplomat offering to sell a BMW Series 5 in Kyiv.

Hackers, who likely broke into the account of one of the recipients, used a similar tactic. In this case, however, they added malicious code to the attachment. The announcement, titled "Diplomatic car for sale", was sent to many diplomatic missions in Kyiv.

When a potential buyer tried to check how the car looked from different angles, malicious software known as a backdoor was launched on their computer, giving the criminals remote access to the buyer's device.

The hackers were tracked down by Unit 42 of the cybersecurity firm Palo Alto Networks. Experts believe the attack targeted diplomats from Eastern European countries, but Poland was not among them.

The attack was allegedly carried out by the group APT28, also known as Fighting Ursa. The hackers are linked to Russian military intelligence and have previously attacked, among others, the German parliament and the US Democratic Party.

"Analysis of the attacks carried out by Fighting Ursa provides insight into the military priorities of Russian services. We predict that, besides Ukraine, all European countries that are NATO members could be the targets of similar attacks," said Wojciech Gołębiowski, Managing Director of Palo Alto Networks in Eastern Europe.
