Summary: APT29, a Russian state-sponsored threat actor, is conducting a sophisticated phishing campaign targeting diplomatic entities in Europe with new malware tools called GRAPELOADER and an improved WINELOADER. The campaign uses deceptive wine-tasting invitations to initiate attacks, deploying malware that manipulates system registry settings for persistence and gathers information from infected hosts. Despite the advanced techniques involved, the campaign emphasizes operational impact through aggressive spearphishing rather than sheer stealth.
Affected: Diplomatic entities in Europe and Middle Eastern diplomats
Keypoints:
- APT29’s campaign utilizes GRAPELOADER for initial infiltration and improved WINELOADER for later stages.
- Phishing emails disguised as wine-tasting invitations were sent from malicious domains to lure targets.
- The malware modifies the Windows Registry to persist across reboots and uses advanced techniques to collect and exfiltrate data from infected hosts.
Source: https://thehackernews.com/2025/04/apt29-deploys-grapeloader-malware.html