Date: 2023-08-11

Cyber security minister Ossian Smyth says he is satisfied that a recent computer attack on the Irish Embassy in Kyiv was carried out by the Russian overseas intelligence agency, the SVR.

The attack was successfully repelled, and Mr Smyth said he has since had a recent full briefing at the Department of Foreign Affairs, “at which my phone was taken from me and put outside in a bag, which I was pleased to see.”

He said standards and procedures were very thorough and no Irish diplomats had clicked on a phishing email at the Embassy in Kyiv that piggybacked on an authentic effort by a Polish diplomat to sell a car.

Russian intelligence gained access to the genuine email and repackaged it with hidden malware that would have allowed spy software to open unseen in the background of Embassy computers.

The listing was for a 2011 BMW 5 Series, in “very good condition, low fuel consumption” for a reduced price of €7,500.

Readers were invited to click on links to see “high-quality photos.” But these links led to suborned websites where the malware lurked.

The Russian redeployment of the advert targeted at least 22 of more than 80 embassies in Kyiv, including the United States, Canada, Turkey, Estonia, Greece, Albania, Iraq, Latvia, Libya and Norway, besides Ireland.

It is understood the US Embassy immediately detected the danger and alerted other missions. But one delegation may have been compromised — because the Russian re-direction reduced the price of the vehicle to make it more attractive.

The genuine Polish diplomatic seller was then puzzled to receive an enquiry quoting a lower price than was being sought.

Minister Smyth said: “This appears to be the work of the Russian overseas intelligence service, the SVR. They tried to compromise a big list of countries.” He added: “There are regular attempts of this sort and there has been no compromise at the Department (of Foreign Affairs). Strict protocols are in place.

“We actually thought there would be a lot more cybersecurity attacks once the war broke out. We thought Western banks would be systematically targeted because of the financial sanctions and penalties put in place against the Russian regime.

“But there wasn’t — it didn’t happen, even though we had prepared for it and everyone was on high alert. The level of attack actually fell back for a while. I am talking about state actor events, rather than the criminal attempts, which more or less continued at the same rate.”

He said the latest incident served as a salutary warning for everyone to be on their guard and not to click on links sent into any agency, Department, body or commercial firm from the outside.

“The Department of Foreign Affairs has the highest level of security because, as with any country, they are the number one target for State-sponsored cyberattacks,” he said.

“They are very good at keeping secrets — there are far fewer [media] leaks from Foreign Affairs than from any other Department.

“They have their own systems, and they managed to defeat this attack, so I would have a large level of confidence in them,” he said.

“But what we have seen in the last year or two is a move to target suppliers into Government Departments or agencies. They try to penetrate supplier firms because they may not have the same security standards — and it can compromise a whole range of customers.

“This kind of ‘Move It’ attack has had implications for Aer Lingus and for Comreg (the communications watchdog).” It is understood neither of these was ultimately affected. The Department of Foreign Affairs informed the National Cyber Security Centre about the attack, linked to the Cozy Bear group, which has been linked to the Kremlin.