Summary: APT29, also known as Midnight Blizzard or Cozy Bear, is executing a new wave of targeted phishing attacks against European governments and diplomats by impersonating legitimate entities. The campaign employs sophisticated malware, including GRAPELOADER, which enhances evasion tactics and delivers payloads, and it updates previously known tools like WINELOADER. The attack strategy demonstrates a significant evolution in APT29’s approach, highlighting their ongoing threat to high-profile organizations.
Affected: European governments and diplomatic organizations
Keypoints:
- APT29 launched a phishing campaign using fake invitations to diplomatic wine events to distribute malware.
- The newly identified GRAPELOADER introduces advanced stealth techniques and environment fingerprinting capabilities.
- WINELOADER has evolved with updated variants showing enhanced anti-analysis hardening methods.
Source: https://securityonline.info/apt29-targets-european-diplomats-with-wine-themed-phishing/