Russia-linked cyberespionage group APT29, also known as Midnight Blizzard or Cozy Bear, targeted European diplomatic entities with a new malware loader named GRAPELOADER.
The phishing campaign used fake wine-tasting invitations sent via domains like bakenhof[.]com and silry[.]com to deliver the malicious file, wine.zip.
GRAPELOADER is an initial-stage downloader that ensures persistence by adding a registry entry to run on startup and connects to the command-and-control (C&C) server every 60 seconds.
Researchers discovered a new variant of the WINELOADER malware, which shares similarities in code structure and obfuscation techniques with GRAPELOADER.
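As an added illustration (example code written for this page, not from the report or the researchers) of how a defender could hunt for the two behaviours described above, the fixed 60-second C&C beacon and contact with the named phishing domains, the script below parses a constructed, simplified proxy log (epoch timestamp, source IP, destination host; the format and all traffic in it are assumptions) and flags host pairs whose request cadence clusters around 60 seconds:

```python
import re
import statistics
from collections import defaultdict

# Defanged domains from the report, refanged here only for matching.
APT29_DOMAINS = {"bakenhof.com", "silry.com"}

# Constructed sample proxy log (not real traffic): epoch, src IP, dst host.
SAMPLE_LOG = """\
1713520000 10.0.0.5 update.example.org
1713520000 10.0.0.7 bakenhof.com
1713520060 10.0.0.7 bakenhof.com
1713520121 10.0.0.7 bakenhof.com
1713520179 10.0.0.7 bakenhof.com
1713520240 10.0.0.7 bakenhof.com
1713520300 10.0.0.7 bakenhof.com
1713520010 10.0.0.5 update.example.org
1713520400 10.0.0.5 update.example.org
1713520900 10.0.0.5 update.example.org
"""

LINE_RE = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)$")

def parse_log(text):
    """Group request timestamps by (source IP, destination host)."""
    flows = defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, src, dst = m.groups()
            flows[(src, dst.lower())].append(int(ts))
    return flows

def find_beacons(flows, period=60, tolerance=5, min_hits=5):
    """Return pairs whose inter-request gaps are tightly clustered around `period`.
    Median handles a few missed check-ins; low spread rejects bursty human traffic."""
    hits = []
    for key, stamps in flows.items():
        stamps = sorted(stamps)
        if len(stamps) < min_hits:
            continue
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        if abs(statistics.median(gaps) - period) <= tolerance \
                and statistics.pstdev(gaps) <= tolerance:
            hits.append(key)
    return hits

def ioc_matches(flows, domains=APT29_DOMAINS):
    """Return pairs whose destination is one of the reported phishing domains."""
    return sorted(k for k in flows if k[1] in domains)
```

Real loaders often add jitter to the interval, so widen `tolerance` and lengthen the observation window before relying on the cadence check alone.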