Particle.news

Russia-Linked Hackers Deploy Advanced Malware in European Diplomatic Espionage Campaign

APT29 targets European diplomats with fake wine tasting invites, using new GrapeLoader and WineLoader malware to evade detection and gather intelligence.

Overview

  • Russian state-sponsored hacking group APT29, also known as Midnight Blizzard, is conducting a sophisticated cyber espionage campaign targeting European diplomatic entities.
  • The operation uses spear-phishing emails impersonating a Ministry of Foreign Affairs, inviting recipients to fake wine tasting events with malicious links.
  • A new malware loader, GrapeLoader, employs advanced stealth techniques such as DLL sideloading, delayed execution, and in-memory payload delivery to bypass detection tools.
  • The campaign also features an updated version of WineLoader, a modular backdoor designed to collect detailed system information and facilitate espionage activities.
  • Researchers highlight the evolving sophistication of APT29’s tactics, signaling an escalation in state-sponsored cyber threats against diplomatic and governmental targets.