The cyberespionage group commonly called APT29 and linked to Russia's foreign intelligence service (SVR) has added a new malware loader to its toolset. Used for fingerprinting, persistence and payload delivery, the new loader was observed in a recent phishing campaign against diplomatic missions in Europe.
“In the current wave of attacks, the threat actors impersonate a major European Ministry of Foreign Affairs to send out invitations to wine tasting events, prompting targets to click on a web link leading to the deployment of a new backdoor called GRAPELOADER,” researchers from security firm Check Point wrote in a report. “This campaign appears to be focused on targeting European diplomatic entities, including non-European countries' embassies located in Europe.”
APT29, also known as Cozy Bear and Midnight Blizzard, is one of the most sophisticated Russian state-sponsored cyberespionage groups. Because of its links to the SVR, its phishing targets are often diplomatic missions, government entities, political parties and think tanks. However, the group is also capable of launching software supply chain attacks, having been responsible for the 2020 attack on SolarWinds that impacted thousands of companies, organizations and government agencies.