Russian hacker group Cozy Bear (aka #MidnightBlizzard, APT29) is back, using wine-tasting invites to phish EU diplomats. The bait? A new wave of WineLoader malware. 🍷🎣
Read: https://hackread.com/cozy-bear-wine-lure-wineloader-malware-eu-diplomats/
Good day everyone!
Check Point Software researchers produced another great article that involves #APT29 and #phishing and a little bit of masquerading. This phishing campaign targeted European diplomatic entities by distributing fake invitations to diplomatic events and appears to be a continuation of a previous campaign run by the same actors. These phishing emails utilized a backdoor known as #Wineloader and also employed a new loader, #Grapeloader. There is a lot to unpack here and I hope you enjoy!
Renewed APT29 Phishing Campaign Against European Diplomats
https://research.checkpoint.com/2025/apt29-phishing-campaign/
Intel 471 Cyborg Security, Now Part of Intel 471 #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday
Splunk provides a detailed analysis of the tactics, techniques, and procedures (TTPs) employed by APT29 in the campaign targeting German political parties with the new WINELOADER backdoor. APT29, aka Midnight Blizzard and Cozy Bear, is publicly attributed to the Russian Foreign Intelligence Service (SVR). IOCs and Yara rules are provided. 🔗 https://www.splunk.com/en_us/blog/security/wineloader-analysis.html
#APT29 #MidnightBlizzard #CozyBear #threatintel #WINELOADER #threatintel #IOC #Russia #cyberespionage
It looks like someone found a way to DLL side load with sqlwriter.exe using the exported set_se_translator function :D
https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-spikedwine-wineloader
Russian Hackers Use 'WINELOADER' Malware to Target German Political Parties
https://thehackernews.com/2024/03/russian-hackers-use-wineloader-malware.html #Kreml #Cybercrime #Phishing #Malware #WINELOADER #CozyBear #APT29
#Wineloader from "CDU": Russian cyber spies target German politicians | Security https://www.heise.de/news/Wineloader-von-CDU-Russische-Cyberspione-nehmen-deutsche-Politiker-ins-Visier-9664178.html #CyberCrime #Hacking #Malware
#Russia-linked #APT29 targeted German political parties with #WINELOADER backdoor
https://securityaffairs.com/160975/apt/russia-apt29-german-political-parties-wineloader.html
#securityaffairs #hacking #malware
Including the #CDU logo: #fake politician dinner invitation from #APT29 - but it makes a rather wooden impression:
"According to #Mandiant, the links each led to a zip file containing a malware dropper named #Rootsaw. This presented the target with a decoy document containing further details about the dinner and downloaded a backdoor named #Wineloader."