Wine Not? Cozy Bear’s Phishy Invitations Uncork Cyber Espionage Drama!
Midnight Blizzard, aka APT29 or Cozy Bear, is targeting European embassies with phishing emails disguised as wine tasting invites. These emails contain GrapeLoader malware that leads to the sneakier WineLoader backdoor. So, next time you get a wine tasting invite, remember: it’s not always a merlot, sometimes it’s malware!

Hot Take:
Forget the grapes of wrath; now we have the grapes of attack! Midnight Blizzard seems to have an unparalleled love for wine-tasting parties — or at least for using them as a cover to infiltrate the digital cellars of European diplomats. While some folks are busy swirling wine glasses, others are busy swirling around malware. Cheers to cyber espionage, where the wine isn’t the only thing with legs!

Key Points:
- Midnight Blizzard (APT29/Cozy Bear) targets European embassies with phishing emails disguised as wine-tasting invitations.
- The campaign involves new malware called GrapeLoader and an updated version of the WineLoader backdoor.
- Emails are sent from two websites, leading to a file download that executes the malware.
- GrapeLoader ensures persistent access by altering computer settings and avoiding detection.
- WineLoader gathers sensitive information and is harder to detect than its predecessors.