Home Security Russian Hackers Use ‘WINELOADER’ Malware to Target German Political Parties

Russian Hackers Use ‘WINELOADER’ Malware to Target German Political Parties

by crpt os


Mar 23, 2024NewsroomCyber Espionage / Cyber Warfare

The WINELOADER backdoor used in recent cyber attacks targeting diplomatic entities with wine-tasting phishing lures has been attributed as the handiwork of a hacking group with links to Russia’s Foreign Intelligence Service (SVR), which was responsible for breaching SolarWinds and Microsoft.

The findings come from Mandiant, which said Midnight Blizzard (aka APT29, BlueBravo, or Cozy Bear) used the malware to target German political parties with phishing emails bearing a logo from the Christian Democratic Union (CDU) around February 26, 2024.

“This is the first time we have seen this APT29 cluster target political parties, indicating a possible area of emerging operational focus beyond the typical targeting of diplomatic missions,” researchers Luke Jenkins and Dan Black said.

Cybersecurity

WINELOADER was first disclosed by Zscaler ThreatLabz last month as part of a cyber espionage campaign that’s believed to have been ongoing since at least July 2023. It attributed the activity to a cluster dubbed SPIKEDWINE.

Attack chains leverage phishing emails with German-language lure content that purports to be an invite for a dinner reception to trick recipients into clicking on a phony link and downloading a rogue HTML Application (HTA) file, a first-stage dropper called ROOTSAW (aka EnvyScout) that acts as a conduit to deliver WINELOADER from a remote server.

“The German-language lure document contains a phishing link directing victims to a malicious ZIP file containing a ROOTSAW dropper hosted on an actor-controlled compromised website,” the researchers said. “ROOTSAW delivered a second-stage CDU-themed lure document and a next stage WINELOADER payload.”

WINELOADER, invoked via a technique called DLL side-loading using the legitimate sqldumper.exe, comes equipped with abilities to contact an actor-controlled server and fetch additional modules for execution on the compromised hosts.

It’s said to share similarities with known APT29 malware families like BURNTBATTER, MUSKYBEAT, and BEATDROP, suggesting the work of a common developer.

WINELOADER, per the Google Cloud subsidiary, has also been employed in an operation targeting diplomatic entities in the Czech Republic, Germany, India, Italy, Latvia, and Peru in late January 2024.

“ROOTSAW continues to be the central component of APT29’s initial access efforts to collect foreign political intelligence,” the company said.

“The first-stage malware’s expanded use to target German political parties is a noted departure from the typical diplomatic focus of this APT29 subcluster, and almost certainly reflects the SVR’s interest in gleaning information from political parties and other aspects of civil society that could advance Moscow’s geopolitical interests.”

Cybersecurity

The development comes as German prosecutors have charged a military officer, named Thomas H, with espionage offenses after he was allegedly caught spying on behalf of Russian intelligence services and passing on unspecified sensitive information. He was arrested in August 2023.

“From May 2023, he approached the Russian Consulate General in Bonn and the Russian Embassy in Berlin several times on his own initiative and offered to cooperate,” the Office of the Federal Prosecutor said. “On one occasion, he transmitted information that he had obtained in the course of his professional activities for forwarding to a Russian intelligence service.”

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.





Source link

Related Articles

xxxanti beeztube.mobi hot sexy mp4 menyoujan hentaitgp.net jason voorhees hentai indian soft core chupatube.net youjzz ez2 may 8 2023 pinoycinema.org ahensya ng pamahalaan pakistani chut ki chudai pimpmovs.com www xvedio dost ke papa zztube.mobi 300mbfilms.in صور مص الزب arabporna.net نهر العطش لمن تشعر بالحرمان movierulz plz.in bustyporntube.info how to make rangoli video 穂高ゆうき simozo.net 四十路五十路 ロシアav javvideos.net 君島みお 無修正 افلام سكس في المطبخ annarivas.net فيلم سكس قديم rashmi hot videos porncorn.info audiosexstories b grade latest nesaporn.pro high school girls sex videos real life cam eroebony.info painfull porn exbii adult pics teacherporntrends.com nepali school sex