APT29 Deploys GRAPELOADER Malware Targeting European Diplomats Through Wine-Tasting Lures
Briefly

The Russian state-sponsored group APT29 is executing a sophisticated phishing campaign directed at diplomatic entities across Europe, utilizing a new malware loader known as GRAPELOADER. The campaign builds on the previously documented malware WINELOADER, refining its functionality for stealth and anti-analysis. Email lures, disguised as invitations to wine-tasting events, infect targeted systems with GRAPELOADER through malware-laden ZIP files. APT29 is attributed to the Russian Foreign Intelligence Service and focuses primarily on Ministries of Foreign Affairs within Europe, with indications of attempts to target diplomats in the Middle East as well.
The use of WINELOADER was first documented by Zscaler ThreatLabz in February 2024, with the attacks leveraging wine-tasting lures to infect diplomatic staff systems.
While the improved WINELOADER variant is still a modular backdoor used in later stages, GRAPELOADER is a newly observed initial-stage tool used for fingerprinting, persistence, and payload delivery.
Read at The Hacker News