APT29 hit German political parties with bogus invites and malware
2024-03-25 09:41

APT29 has been spotted targeting German political parties for the first time, Mandiant researchers have shared.

The attack started in late February 2024, with phishing emails containing bogus invitations to a dinner reception, ostensibly sent by the Christian Democratic Union, a major political party in Germany.

WINELOADER is a modular backdoor with detection evasion and persistence capabilities and, according to the researchers, "Likely a variant of the non-public historic BURNTBATTER and MUSKYBEAT code families which Mandiant uniquely associates with APT29."

"We suspect that APT29's interest in is unlikely to be limited to Germany. Western political parties and their associated bodies from across the political spectrum are likely also possible targets for future SVR-linked cyber espionage activity given Moscow's vital interest in understanding changing Western political dynamics related to Ukraine and other flashpoint foreign policy issues," Mandiant researchers pointed out.

"Based on recent activity from other APT29 subclusters, attempts to achieve initial access beyond phishing may include attempts to subvert cloud-based authentication mechanisms or brute force methods such as password spraying."

Earlier this month, Microsoft revealed that APT29 used the information they previously stole from the company to access some of its internal systems and code repositories.


News URL

https://www.helpnetsecurity.com/2024/03/25/apt29-german-political-parties/