Russia’s APT29 Targets EU Diplomats with Wine-Tasting Phishing Attack

A sophisticated cyber-espionage campaign by Russia’s APT29 group, also known as Midnight Blizzard or Cozy Bear, has recently targeted European diplomats using a clever disguise: fake wine-tasting invitations.

Cybersecurity researchers at Check Point uncovered the campaign, which uses emails that spoof European Ministries of Foreign Affairs. The messages invite recipients to exclusive wine-tasting events, but the lure exists only to deliver a ZIP archive named “wine.zip” that carries a new malware loader, **GRAPELOADER**.

GRAPELOADER is a stealthy first-stage loader: it fingerprints the compromised host and retrieves additional tooling, including an updated version of **WINELOADER**. WINELOADER is a modular backdoor that gives the operators deep access to the system, remote command execution, and data exfiltration.

The campaign’s primary targets include European foreign ministries and embassies of non-European countries based in Europe, marking a continued effort by APT29 to infiltrate sensitive diplomatic networks.

Security experts urge organizations to tighten their email defenses (enforce SPF, DKIM and DMARC on inbound mail, and sandbox or block archive attachments from external senders), to train staff to treat unsolicited event invitations with suspicion, and to monitor endpoints for unusual activity. This campaign highlights the growing sophistication of state-backed cyber threats in today’s geopolitical climate.
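As an added illustration of the attachment triage that such email defenses perform, the Python script below is example code written for this page; it is not from Check Point’s report or from the campaign. It builds a constructed invitation message (reserved `.example` domains, a constructed ZIP whose member `viewer.exe` merely begins with the PE `MZ` magic), then checks the DMARC result recorded in `Authentication-Results` and opens every ZIP attachment to flag executable extensions and PE headers. The extension list and the quarantine rule are assumptions to tune for your environment.

```python
"""Attachment triage for archive lures. Everything here is constructed:
the message, the domains (RFC 2606 .example) and the archive contents."""
import email
import io
import os
import zipfile
from email import policy
from email.message import EmailMessage

# File types that should not arrive inside an archive from an outside sender.
# Assumption for this example; tune the list to your environment.
EXECUTABLE_EXTS = {".exe", ".dll", ".scr", ".com", ".pif", ".js", ".vbs",
                   ".hta", ".lnk", ".msi"}


def build_sample_eml(malicious: bool = True) -> bytes:
    """Construct a sample invitation e-mail carrying a ZIP attachment.

    With malicious=True the archive hides a file that starts with the PE
    'MZ' magic next to a decoy document; with malicious=False it holds only
    the decoy. Neither file is a real sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invitation.pdf", b"%PDF-1.4 constructed decoy\n")
        if malicious:
            # Two bytes of DOS header magic are enough for the check below.
            zf.writestr("viewer.exe", b"MZ" + b"\x90" * 62 + b"PE\x00\x00")
    msg = EmailMessage()
    msg["From"] = "protocol@mfa.example"        # spoofed display sender (constructed)
    msg["To"] = "attache@embassy.example"
    msg["Subject"] = "Invitation: wine tasting evening"
    # Normally stamped by the receiving MX after SPF/DKIM/DMARC evaluation;
    # constructed here so the check has something to read.
    msg["Authentication-Results"] = (
        "mx.embassy.example; dmarc=fail header.from=mfa.example"
        if malicious else
        "mx.embassy.example; dmarc=pass header.from=mfa.example")
    msg.set_content("You are cordially invited to a tasting evening.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="wine.zip")
    return bytes(msg)


def inspect_zip_member(zf: zipfile.ZipFile, info: zipfile.ZipInfo) -> list:
    """Return the reasons a single archive member looks like a loader."""
    reasons = []
    ext = os.path.splitext(info.filename)[1].lower()
    if ext in EXECUTABLE_EXTS:
        reasons.append(f"executable extension {ext}")
    with zf.open(info) as fh:
        head = fh.read(2)
    # Check the magic as well, so a PE renamed to a document extension is still caught.
    if head == b"MZ":
        reasons.append("PE (MZ) header")
    return reasons


def triage_message(raw: bytes) -> dict:
    """Parse a raw RFC 5322 message, check sender authentication and look
    inside every ZIP attachment. Returns a verdict plus the findings."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    auth = msg.get("Authentication-Results", "")
    if "dmarc=pass" not in auth:
        findings.append(f"DMARC not passed for {msg['From']} ({auth or 'no result'})")
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        payload = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(payload)):
            continue
        with zipfile.ZipFile(io.BytesIO(payload)) as zf:
            for info in zf.infolist():
                for reason in inspect_zip_member(zf, info):
                    findings.append(f"{name}:{info.filename}: {reason}")
    return {"verdict": "quarantine" if findings else "deliver",
            "findings": findings}


if __name__ == "__main__":
    for flag in (True, False):
        print(triage_message(build_sample_eml(malicious=flag)))
```

The script reads a DMARC result only from the `Authentication-Results` header, so it belongs behind a mail gateway that stamps that header itself; a sender can forge the header on a message that never passed through your MX. Running it on the constructed malicious message yields a `quarantine` verdict with three findings (DMARC failure, `.exe` extension, `MZ` header); the benign variant yields `deliver`.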

#HackerAlert