Cloaked Ursa, a malware group, is carrying out cyberattacks against diplomatic missions in Ukraine. Unit 42 of Palo Alto Networks revealed this after observing cases in which the group uses lures aimed at the diplomats themselves rather than at the countries they represent. Cloaked Ursa targets diplomatic missions within Ukraine by taking advantage of something that all newly posted diplomats need: a vehicle. “We are in a convulsive moment of changes and transformations at an economic and social level. For this reason, at Palo Alto Networks we will closely follow the rapid evolution of cybernetic activity related to the conflict between Russia and Ukraine”, explains Jesús Díaz Barrero, director of Systems Engineering for Southern Europe at Palo Alto Networks.
Diplomatic missions in Ukraine on alert
Investigators have revealed that Cloaked Ursa is targeting at least 22 of the more than 80 foreign missions located in Kyiv. Although they do not have details of its infection success rate, this is a truly staggering figure for a clandestine operation carried out by an Advanced Persistent Threat (APT) that the United States and the United Kingdom publicly attribute to the Foreign Intelligence Service of Russia (SVR).
This is how diplomatic missions in Ukraine are being cyber-attacked
Hackers from Russia’s Foreign Intelligence Service, dubbed Cloaked Ursa, are well known for attacking diplomatic missions around the world. In their access attempts over the past two years they have predominantly used phishing lures themed on diplomatic operations, such as voice memos (informal government-to-government diplomatic communications), embassy operational status updates, diplomat schedules, and invitations to embassy events.
Attack on diplomats through a BMW for sale
Recently, Unit 42 investigators have observed a new attack campaign using a novel tactic. In this case, the attackers took advantage of the legitimate sale of a BMW by a Polish diplomat in Kyiv, Ukraine, to attack diplomats in the region.