Recent analysis by Check Point reveals that the notorious Russian threat group Midnight Blizzard has altered its attack strategies, recently targeting European governments and diplomats with sophisticated phishing campaigns. These attacks, ongoing since January, involved impersonating a European Ministry of Foreign Affairs and luring victims with invitations to wine tasting events. The crafted emails contained links that, when clicked, executed a backdoor named 'GRAPELOADER' and utilized a disguised PowerPoint executable for further malicious actions, demonstrating the group's evolving tactics and targeting precision.
"The emails contained a malicious link that led, in some cases, to the download of an archive, eventually leading to the deployment of GRAPELOADER."
"When the target clicks the malicious link, this initiates the download of an archive dubbed 'wine.zip' which sets the next stage of attack in motion."
Collection
[
|
...
]