The range of interests of cyber spies from APT29 turned out to be wider than previously thought.
Researchers at the information security firm Mandiant have linked recent cyber attacks using the WINELOADER backdoor to the activities of the hacker group Midnight Blizzard (also known as APT29, BlueBravo or Cozy Bear).
According to the researchers, around February 26 of this year the group ran a phishing campaign against German political parties, sending out emails carrying the logo of the Christian Democratic Union (CDU).
"This is the first time we've seen APT29 attack political parties, which may indicate a new area of interest beyond the group's traditional goals," Mandiant's Luke Jenkins and Dan Black note.
As noted above, this campaign used the WINELOADER backdoor, which Zscaler first discovered in February of this year. The attacks began with phishing emails written in German and disguised as invitations to a dinner party. Opening the email attachment, an HTML Application (".hta") file, downloaded and ran a first-stage dropper called ROOTSAW (also known as EnvyScout), which serves as the delivery channel that fetches WINELOADER from a remote server.
The researchers note the similarity of WINELOADER to other malware related to APT29, which points to a common developer.
Although the malware was discovered and disclosed only last month, the researchers report that it has already been used repeatedly to attack diplomatic missions in the Czech Republic, Germany, India, Italy, Latvia and Peru. The cyber espionage campaign distributing WINELOADER has reportedly been active since at least July of last year.
This incident demonstrates that modern hacker groups are constantly expanding their areas of interest and improving their attack methods. The threat of cyber espionage today affects not only diplomatic and state structures, but also political parties, as well as representatives of civil society.
To protect important data from theft, all organizations, both government and private, need to take cybersecurity seriously, regularly update their software, train their employees, and apply reliable protection against modern hacking tools and tactics.
