Renewed APT29 Phishing Campaign Against European Diplomats
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY :
A sophisticated phishing campaign targeting European diplomatic entities has been uncovered, attributed to the Russia-linked threat group APT29. The attackers impersonate a major European foreign affairs ministry, sending fake invitations to wine tasting events. The campaign employs a new loader called GRAPELOADER, which is used for initial reconnaissance and payload delivery. Additionally, a new variant of the WINELOADER backdoor has been discovered, likely used in later stages of the attack. Both malware components share similarities in code structure and obfuscation techniques. The campaign focuses on European diplomatic targets, including non-European embassies in Europe, with some indications of limited targeting outside the region.
OPENCTI LABELS :
backdoor,phishing,wineloader,grapeloader
Open in NetmanageIT OpenCTI Public Instance with below link!
Use public read only username and password on login page.
NOTE : Use Public READ only user credentials on login page banner.
Renewed APT29 Phishing Campaign Against European Diplomats