Russian military hackers have been hiding credential-harvesting malware in fake luxury car advertisements in a likely attempt to deceive diplomats and potentially access state secrets, Axios reported.
Researchers in Palo Alto Networks’s Unit 42 threat intelligence team found proof that, since March, a Russian group has been infecting devices with nefarious hardware via a luxury car phishing scheme.
Diplomats are frequently sent on new assignments with little notice, meaning they're often looking to buy and sell cars with diplomatic plates very quickly, Michael Sikorski, vice president of threat intelligence and chief technology officer at Unit 42, told Axios. This schedule makes car advertisements an ideal way for hostile hackers to target diplomats.
One example of a fraudulent online advertisement was for a 2009 Audi Q7 Quattro SUV for about 5,500 euros. The post advertises a "Diplomatic Car for Sale" and contains contact information and six images of the cars.
By targeting diplomats’ devices, Kremlin spies may be able to access internal secrets and get ahead of any plans invented to sabotage Russia’s objectives. Although the intended target for this phishing scheme was likely diplomats, researchers don't know how many people may have been affected.
Russian hackers launched a similar hacking campaign last year against diplomats in at least a quarter of the more than 80 foreign missions based in Kyiv, Ukraine.