A sophisticated phishing campaign targeting European diplomatic entities has been uncovered, attributed to the Russia-linked threat group APT29. The attackers impersonate a major European foreign affairs ministry, sending fake invitations to wine tasting events. The campaign employs a new loader called GRAPELOADER, which is used for initial reconnaissance and payload delivery. Additionally, a new variant of the WINELOADER backdoor has been discovered, likely used in later stages of the attack. Both malware components share similarities in code structure and obfuscation techniques. The campaign focuses on European diplomatic targets, including non-European embassies in Europe, with some indications of limited targeting outside the region. Author: AlienVault
Related Tags:
WINELOADER
T1534
Denmark
France
Belgium
Poland
Italy
Ireland
Germany
Associated Indicators:
E06FBACE9C2297E47E6BF991F2681B2B
bakenhof.com
silry.com
bravecup.com
ophibre.com
https://silry.com/inva.php
https://bakenhof.com/invb.php