Midnight Blizzard deploys new GrapeLoader malware in embassy phishing

Summary: The Russian espionage group Midnight Blizzard has launched a spear-phishing campaign targeting European diplomatic entities, delivering new malware called ‘GrapeLoader.’ The campaign, which started in January 2025, uses sophisticated techniques to evade detection and gather intelligence. The accompanying WineLoader backdoor supports extensive reconnaissance and espionage operations, and its latest variant adds stealth mechanisms that hinder analysis tools.

Affected: Diplomatic entities in Europe

Key points:

  • The campaign begins with spoofed emails inviting recipients to a wine-tasting event; the emails contain a malicious link.
  • It introduces the stealthy GrapeLoader malware and a new variant of the WineLoader backdoor with enhanced obfuscation.
  • The malware executes in memory, making detection difficult, and collects extensive host information for espionage purposes.
  • Improved anti-analysis features disrupt automated string extraction, complicating reverse-engineering efforts.

Source: https://www.bleepingcomputer.com/news/security/midnight-blizzard-deploys-new-grapeloader-malware-in-embassy-phishing/