
Russia's Cozy Bear caught phishing German politicos with phony dinner invites
2024-03-23 07:51

The Kremlin's cyberspies targeted German political parties in a phishing campaign that used emails disguised as dinner party invitations, according to Mandiant.

Russia's Cozy Bear, also known as APT29 and Midnight Blizzard, engineered the messages to infect marks' Windows PCs with a backdoor first observed in January and dubbed WINELOADER. These were intended to provide long-term access to the political parties' networks and data, the Google-backed security biz asserted on Friday.

"Western political parties and their associated bodies from across the political spectrum are likely also possible targets for future SVR-linked cyber espionage activity given Moscow's vital interest in understanding changing Western political dynamics related to Ukraine and other flashpoint foreign policy issues," Mandiant's Luke Jenkins and Dan Black wrote in an alert.

Cozy Bear's latest phishing emails, sent out last month, were designed to give the impression they were sent by Germany's Christian Democratic Union, and included the major political party's logo, inviting recipients to a March 1 dinner reception.

According to Mandiant, this backdoor overlaps with several other strains of malicious software used by Cozy Bear but is "considerably more customized than the previous variants, as it no longer uses publicly available loaders like DONUT or DAVESHELL and implements a unique C2 mechanism."

In addition to expanding its targets and techniques, Cozy Bear has also been lurking around Microsoft's networks - an old favorite of the Russian crew - stealing source code, gaining access to internal systems, and snooping around in executives' email inboxes.


News URL

https://go.theregister.com/feed/www.theregister.com/2024/03/23/russia_cozy_bear_german_politicians_phishing/