Overview

• Cozy Bear, also known as APT29, conducted a phishing campaign against German political parties using fake dinner invitations to deploy 'WineLoader' malware.
• The malware allows remote access and control, marking a shift in the group's focus from diplomatic missions to political entities.
• This operation, first targeting political parties, signifies an attempt to influence or monitor political processes ahead of European elections.
• Mandiant and Zscaler researchers identified the campaign, which also targeted diplomatic entities in Europe, India, and Peru.
• The Christian Democratic Union (CDU) confirmed the attack, emphasizing the fictitious nature of the supposed dinner event.