Russia's Cozy Bear Targets German Political Parties with Sophisticated Phishing Campaign
The notorious hacking group, linked to Russia's Foreign Intelligence Service, leveraged malware dubbed 'WineLoader' to infiltrate political networks.
- Cozy Bear, also known as APT29, conducted a phishing campaign against German political parties using fake dinner invitations to deploy 'WineLoader' malware.
- The malware allows remote access and control; the campaign marks a shift in the group's focus from diplomatic missions to political entities.
- This operation, the group's first to target political parties, signifies an attempt to influence or monitor political processes ahead of European elections.
- Mandiant and Zscaler researchers identified the campaign, which also targeted diplomatic entities in Europe, India, and Peru.
- The Christian Democratic Union (CDU) confirmed the attack, emphasizing the fictitious nature of the supposed dinner event.