Russia-Linked Hackers Target European Diplomats with Fake Wine Tasting Events
A Russia-linked hacking group, known as APT29 or Midnight Blizzard, has launched a new "advanced phishing campaign" targeting European diplomats with invites to fake wine tasting events. According to a report by Check Point Research, the campaign impersonates a major European Ministry of Foreign Affairs and sends invitations that prompt targets to click a web link, which leads to the deployment of a new backdoor called GRAPELOADER.
The emails sent to these diplomats were designed to look legitimate, with subject lines such as "Wine tasting event (update date)," "For Ambassador’s Calendar" and "Diplomatic dinner." However, behind the scenes, these messages contained malicious links that, when clicked, could compromise the recipient's machine.
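The reported subject lines can serve as a hunting lead over stored mail. The following is an added example, not code from Check Point Research or the original article; the sample messages, addresses, message IDs and function names are constructed, and a subject match is a lead for review rather than a verdict.

```python
import re
import unicodedata
from email import message_from_string
from email.header import decode_header, make_header

# Subject lines quoted in the article; everything else here is constructed.
REPORTED_SUBJECTS = ["Wine tasting event (update date)",
                     "For Ambassador's Calendar", "Diplomatic dinner"]
REPLY_PREFIX = re.compile(r"^\s*(?:(?:re|fw|fwd)\s*:\s*)+", re.IGNORECASE)

def decode_subject(raw):
    """Decode RFC 2047 encoded-words so =?utf-8?q?...?= subjects are readable."""
    return str(make_header(decode_header(str(raw))))

def normalize(subject):
    """Fold quote style, case and whitespace, and drop Re:/Fwd: prefixes."""
    text = unicodedata.normalize("NFKC", decode_subject(subject))
    text = text.replace("\u2019", "'").replace("\u2018", "'")
    text = REPLY_PREFIX.sub("", text)
    return " ".join(text.split()).casefold()

WATCHLIST = {normalize(s) for s in REPORTED_SUBJECTS}

def flag_messages(raw_messages):
    """Return (Message-ID, From, decoded subject) for each watchlisted message."""
    hits = []
    for raw in raw_messages:
        msg = message_from_string(raw)
        subject = msg.get("Subject", "")
        if normalize(subject) in WATCHLIST:
            hits.append((msg["Message-ID"], msg["From"], decode_subject(subject)))
    return hits

# Constructed sample mail (hypothetical senders and IDs) for an offline run.
SAMPLE_MAIL = [
    "From: events@mfa.example\nMessage-ID: <1@mail.example>\n"
    "Subject: Wine tasting event (update date)\n\nPlease see the invitation.\n",
    "From: protocol@mfa.example\nMessage-ID: <2@mail.example>\n"
    "Subject: =?utf-8?q?For_Ambassador=E2=80=99s_Calendar?=\n\nDetails attached.\n",
    "From: colleague@embassy.example\nMessage-ID: <3@mail.example>\n"
    "Subject: RE:  Diplomatic  Dinner\n\nForwarding this to you.\n",
    "From: finance@embassy.example\nMessage-ID: <4@mail.example>\n"
    "Subject: Quarterly budget review\n\nAgenda attached.\n",
]

if __name__ == "__main__":
    for message_id, sender, subject in flag_messages(SAMPLE_MAIL):
        print(f"REVIEW {message_id} from {sender}: {subject}")
```

Normalizing before comparison matters because the same subject can arrive MIME-encoded, with a curly or straight apostrophe, or behind a reply prefix after an internal forward.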
The U.S. Cybersecurity and Infrastructure Security Agency had previously identified APT29 as a cyber espionage group, likely part of the SVR (Sluzhba Vneshney Razvedki), one of Russia's intelligence services, known for targeting high-profile organizations, including government agencies and think tanks. This latest phishing campaign appears to be focused on European diplomatic entities, including non-European countries' embassies located in Europe.
Check Point Research noted that the targets of this campaign include multiple European countries with a specific focus on Ministries of Foreign Affairs, as well as other countries' embassies in Europe. In addition to these targeted emails, there were indications of limited targeting outside of Europe, including diplomats based in the Middle East.
The phishing attacks started in January of this year and have continued to evolve since then. The attackers used sophisticated tactics, including impersonating a major European foreign affairs ministry to distribute fake invitations to diplomatic events – most commonly, wine tasting events. In cases where the initial attempt was unsuccessful, additional waves of emails were sent to increase the likelihood of getting the victim to click the link and compromise their machine.
According to Check Point Research, the server hosting the malicious link is believed to be highly protected against scanning and automated analysis solutions. The malicious download is triggered only under certain conditions, such as specific times or geographic locations. When accessed directly, the link redirects to the official website of the impersonated Ministry of Foreign Affairs.
It is unclear whether any of the phishing attacks succeeded in compromising the machines of European diplomats. However, this latest campaign highlights the ongoing threat posed by APT29 and other Russia-linked hacking groups to global security.
Stay Safe from Phishing Attacks
To protect yourself from phishing attacks like this one, it's essential to be cautious when receiving unsolicited emails or messages, especially those with suspicious subject lines. Always verify the authenticity of the sender and never click on links or download attachments from unknown sources.
Additionally, keep your software and operating systems up-to-date, use strong passwords, and enable two-factor authentication whenever possible. By taking these precautions, you can significantly reduce the risk of falling victim to phishing attacks like this one.
Stay Informed
Follow reputable news sources and cybersecurity experts to stay informed about the latest threats and vulnerabilities in the world of cybersecurity.