• European diplomats target

    From Mike Powell@1:2320/105 to All on Fri Apr 18 10:10:00 2025
    European diplomats targeted by Russian phishing campaign promising fancy wine tasting

    Date:
    Thu, 17 Apr 2025 13:53:18 +0000

    Description:
    APT29 is targeting diplomats with a new backdoor, luring them with the
    promise of fine wine tasting.

    FULL STORY

    Russian scammers are using diplomats' love of wine to distribute a nasty new backdoor.

    A new report from cybersecurity experts Check Point Research (CPR), who have been tracking the campaign since early 2025, noted infamous state-sponsored threat actor APT29 (AKA Cozy Bear, Midnight Blizzard) is impersonating a
    major European Ministry of Foreign Affairs as it sends out phishing emails to other diplomats across the continent.

    The emails, containing an invite to a wine tasting (or a similar event), distribute two distinct malware variants: GRAPELOADER and an updated version
    of WINELOADER.

    Older variants of WINELOADER are confirmed to originate from APT29, which is how CPR concluded that the campaign belongs to the Russian threat actor.

    The focus of the report is on GRAPELOADER, since it's newer and relatively
    more dangerous. It acts as an initial-stage loader, and is used for fingerprinting, persistence, and payload delivery. CPR says it employs
    advanced stealth methods and anti-analysis techniques, and exploits DLL side-loading vulnerabilities for execution.

    WINELOADER, on the other hand, is a modular backdoor used in later stages of the attack. It shares some similarities with GRAPELOADER in code structure
    and obfuscation, and comes with improved anti-analysis features.

    The targets are diplomats, located in Europe, but not European in origin. Instead, Cozy Bear focuses on embassies of non-European countries, located in Europe. CPR did not detail who the targets were, and how successful the campaign might have been.

    Cozy Bear is believed to be affiliated with Russia's Foreign Intelligence Service (SVR) and is described as one of the most sophisticated and stealthy APT threat actors out there. It is usually tasked with intelligence
    gathering, targeting government agencies (in the US, NATO countries, and the EU), think tanks and NGOs, universities, cybersecurity companies, and more.

    It gained global notoriety after the 2020 SolarWinds attack, which is now perceived as one of the most impactful supply-chain attacks ever,
    compromising US federal agencies and major corporations.

    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/european-diplomats-targeted-by-russian-phishing-campaign-promising-fancy-wine-tasting

    $$
    --- SBBSecho 3.20-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)