Russian hackers fool diplomats in Ukraine using ad for a cheap used BMW 5 Series

Russian hackers fool diplomats in Ukraine using ad for a cheap used BMW 5 Series

Diplomats are some of the smartest people on earth, or at least we hope they are, as they navigate the complicated world of international politics. Several diplomats from at least 22 foreign missions stationed in Kyiv, Ukraine, fell victim to hackers who hid malware in images of a used BMW 5 Series.

Russian hackers hijacked a legitimate ad for the 2011 BMW 5 Series after discovering a Polish diplomat had shared the ad with several other embassies via email. The Russian hacker group – known by the nickname Cozy Bear, part of the Russian foreign intelligence service – embedded malware into the image gallery attached to the ad and lowered the price by almost $1,000 to attract more attention. The malware then infected any computer that clicked on the ad. Officials in the U.S. and Britain were able to identify the Russian hackers by comparing their techniques to other hacks in Europe, Africa, and elsewhere.

While a BMW 5 Series is a solid, serious car for any respectable diplomat, this is an awful lot of trouble to go through for a 12-year-old German sedan with 266,000 km (165,295 miles) on the clock. The seller is an employee at the Polish Ministry of Foreign Affairs and said he now plans to sell the diesel sedan in Poland to avoid problems. Of course, he could donate the car, which would join several others being donated by Latvian authorities after seizing them from drunk drivers. Volunteers have shipped more than 1,200 cars to Ukraine, which have helped in the war efforts as ambulances and troop transport vehicles.

See also  EV insurance claims are low but cost to repair is high, CCC

This sounds like the plot of a low-rent spy movie, but car sales ad scams are nothing new. There have been several instances of people buying nonexistent cars or being scammed into wiring money to unknown sellers, and that’s before we start talking about odometer fraud and selling stolen cars. Having said that, Russia seems to have invested in cybercrime to a high degree, so it’s surprising that we haven’t seen more stories like this trickling out.