Russians lure diplomats into malware trap with wine-tasting
Briefly

Russia's cyber-espionage group, Cozy Bear (APT 29), has updated its tactics for luring European diplomats into downloading malware. After targeting German politicians last year with Wineloader, the group now uses a new strain called Grapeloader. Diplomats are receiving fake invitations to wine-tasting events, disguised as messages from a European Ministry of Foreign Affairs. When clicked, the malicious links download a file that exploits PowerPoint functionality to install malware, significantly increasing the risk to the targeted diplomats.
Russia continues to target European diplomats using malware disguised as invitations to social events, with the latest tactic involving a 'wine tasting' invitation.
Malware hunters at Check Point report that Russian hackers are employing a new variant, Grapeloader, to entice targets into downloading malicious software.
The malicious email invitations mimic official communications from a European Ministry of Foreign Affairs, making them more believable and increasing the likelihood of a successful breach.
The delivery mechanism for the malware includes a legitimate PowerPoint file executed in a way that exploits vulnerabilities, effectively facilitating the attack.
Read at The Register